Revision [2552]

This is an old revision of dnssecds made by JulianDemarchi on 2011-07-28 21:34:55.

 

TLD DS Distribution


There will be two problems discussed here. Getting the root DS key out in a secure and on time manner. Securely receving DS's from TLDs. These problems sounds simple to solve, but their actually not. Distributing the DS keys is easy, but ensuring the people receving the keys can trust them is not. We need to ensure both keys sent and received are trustworthy. This comes down to GPG and the web of trust ideals.

Root DS Distribution


We've had a few ideas for ways we can distribute the root DS keys, they've all been listed on the project page.

GPG
Making the DS key available for download on some webspace would allow easy download access. This key could then be GPG verified via a quick TXT DNS lookup for the GPG sig.

HTTPS
Making the DS available on a HTTPS server, so the end user can trust the SSL cert. This idea would require the creation of an OpenNIC CA server. Not a bad idea, as the CA is on our task list already.

TLD DS Receving

There are no comments on this page.
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki