[afnog] Signing root zone
Stephane Bortzmeyer
bortzmeyer at nic.fr
Fri Nov 7 08:16:58 UTC 2008
On Thu, Nov 06, 2008 at 04:30:01PM +0000,
alain aina <aalain at trstech.net> wrote
a message of 67 lines which said:
> we abandon it for now.
No, you did not, you stopped signing trstech.net, which is not the
same thing. Abandoning a DS registry (wether DLV or not) means telling
the registry to suppress your DS, *then* (after expiration of the data
in the caches) possibly deleting the signatures of your zones.
> Were people expecting DNSSEC to be a simple and easy solution?
Since most people have no experience at all with DNSSEC, they may
easily be wrong about DNSSEC simplicity.
More information about the afnog
mailing list