To:
Jakob Schlyter <jakob@crt.se>
Cc:
miekg@atoom.net, dnssec@cafax.se
From:
"Olaf M. Kolkman" <olaf@ripe.net>
Date:
Thu, 19 Dec 2002 11:20:41 +0100
In-Reply-To:
<Pine.BSO.4.50.0212191033330.22276-100000@fonbella.crt.se>
Sender:
owner-dnssec@cafax.se
Subject:
Re: dnssec resolver
Let me add a bubblebalbe method to Net::DNS::RR::DS
can you send me a reference to the specs?
--Olaf
On Thu, 19 Dec 2002 10:39:41 +0100 (MET)
Jakob Schlyter <jakob@crt.se> wrote:
> On Wed, 18 Dec 2002, Miek Gieben wrote:
>
> > I've made some improvements in the code. The most important change is
> > that there is a resolvsec.conf. This file lists all the secure entry
> > points together with their nameserver(s). I've made the decision to use
> > DS record in this file in stead of key records. The first reason is that
> > I think DS records are somewhat easier to handle than key records. The
> > second, related, reason is that this makes the parsing of the file a lot
> > simpler.
>
> I've just played around some with the code, it is really useful for
> debugging. nice work!
>
> I also agree with the decision to use ds records for trust and hope that
> our friends at ISC will implement this in bind9 as well - it would be much
> easier when configuring the resolvers. combined with a good
> pseudo-language generator (such as bubblebabble used by ssh) out-of-band
> verification is also easier.
>
> example:
>
> 9d58f48fe8675d9b52021daa47cd2a35
> ... becomes ...
> xoced-kyvak-fydul-rorer-robat-lyhav-meran-socok-laram-robog-coxux
>
>
> jakob
>
> --
> Jakob Schlyter <jakob@crt.se> Network Analyst
> Phone: +46 31 701 42 13, +46 70 595 07 94 Carlstedt Research & Technology
>
--------------------------------------------| Olaf M. Kolkman
| www.ripe.net/disi