Comments on: Deliberately Invalidatable Root Zone http://www.forsberg.eu/2010/01/29/deliberately-invalidatable-root-zone/ Thu, 08 Apr 2010 18:41:29 +0000 hourly 1 http://wordpress.org/?v=3.0 By: LGForsberg http://www.forsberg.eu/2010/01/29/deliberately-invalidatable-root-zone/comment-page-1/#comment-3343 LGForsberg Fri, 29 Jan 2010 13:24:32 +0000 http://www.forsberg.eu/?p=571#comment-3343 Thanks Patrik! I think my brain already halted while I wrote this last night. I made a "NoNo" and altered the post to better fit the truth. Regards, LG Thanks Patrik!

I think my brain already halted while I wrote this last night. I made a “NoNo” and altered the post to better fit the truth.

Regards,
LG

]]> By: Patrik Wallström http://www.forsberg.eu/2010/01/29/deliberately-invalidatable-root-zone/comment-page-1/#comment-3342 Patrik Wallström Fri, 29 Jan 2010 13:01:31 +0000 http://www.forsberg.eu/?p=571#comment-3342 A correction here is needed. The root is currently signed with a fully valid key. It is the public key that is currently published as DURZ that is broken "beyond recognition". The purpose of the DURZ is that you don't want people to be able to use the key for any validation whatsoever until the DNSSEC in root is considered as being in production. When that happens, the valid key is of course being published in the zone. A correction here is needed. The root is currently signed with a fully valid key. It is the public key that is currently published as DURZ that is broken “beyond recognition”. The purpose of the DURZ is that you don’t want people to be able to use the key for any validation whatsoever until the DNSSEC in root is considered as being in production. When that happens, the valid key is of course being published in the zone.

]]>