To: Roy Arends <roy@dnss.ec>
Cc: dnssec@cafax.se
From: Matt Larson <mlarson@verisign.com>
Date: Sat, 19 Jun 2004 16:17:31 -0400
Content-Disposition: inline
In-Reply-To: <Pine.BSO.4.56.0406191746110.30010@trinitario.schlyter.se>
Sender: owner-dnssec@cafax.se
User-Agent: Mutt/1.5.6i
Subject: Re: continued: rrsig(qtype)

On Sat, 19 Jun 2004, Roy Arends wrote:
> Note that it is not possible for the resolver/validator to notice the
> difference between a dynamically signed and a pre-signed RRSIG (which is
> good).

But then a compromised dynamic signing key can be used to sign
positive answers, too.  Is there any value to a special type of key
that is only valid for dynamically signed negative answers?

Matt
