|
DNSSec for SixXS reverse delegations
![[de]](/s/countries/de.gif) Shadow Hawkins on Friday, 05 September 2008 00:21:13
Getting the reverse delegation for your subnet is simple.
What about deploying DNSSec for the reverse zones and allowing secure delegations?
I know, there are some operational challenges (like key rollover, resigning etc.). But I'm certain it's doable.
Okay, I see that we'll need a chain of trust in the end. I know the argument of the not signed root. But RIPE is signing ... most likely the PoPs do not yet have the infrastructure in place.
What else is stopping you and us from deploying it?
[Yes, my zones are signed]
DNSSec for SixXS reverse delegations
The PoPs indeed, or more specifically the ISPs that run them don't have the infrastructure in place, though that can be resolved with DLV. This is the current plan that we have.
The biggest issues are actually signing the zones though and distributing the keys and getting your key to us in a secure way etc etc.
See Technology Status, it is there on the wishlist, and one day might become reality. The Time Factor is, like a lot of things, the most important issue though.
|
![[ch]](/s/countries/ch.gif)
on Friday, 05 September 2008 11:20:09
Posting is only allowed when you are