[Yeti DNS Discuss] 答复: A proposal of preserving IANA NSEC Chain and ZSK RRSIGs

Davey Song(宋林健) ljsong at biigroup.cn
Wed Aug 23 02:01:44 UTC 2017

Yes. It tries to relieve that nervous in technical way. The ideal solution
is that multiple trust anchor ("and" logic) can work in the resolver. We
just would like to take place the NS rrset, right?

> -----邮件原件-----
> 发件人: Stephane Bortzmeyer [mailto:bortzmeyer at nic.fr]
> 发送时间: 2017年8月22日 21:38
> 收件人: Davey Song
> 抄送: discuss at lists.yeti-dns.org
> 主题: Re: [Yeti DNS Discuss] A proposal of preserving IANA NSEC Chain and
> On Tue, Aug 22, 2017 at 05:53:11PM +0800,  Davey Song <ljsong at biigroup.cn>
> wrote  a message of 145 lines which said:
> > I just made a post as a proposal of Yeti experiment by Preserving IANA
> > NSEC Chain and ZSK RRSIGs in Yeti root zone.
> > http://yeti-dns.org/yeti/blog/2017/08/22/Preserving-IANA-NSEC-Chain-an
> > d-ZSK-RRSIGs.html
> I'm skeptical that it will convince the people who are nervous enough to
> that Yeti threatens the security and stability of the Internet. After all,
> resolvers will have to use the Yeti trust anchor and, therefore, Yeti
would still
> be in position to do everything.
> But it is a nice technical test, so I support it.

More information about the discuss mailing list