[DNSSEC-Transparency] Logging of DS removal

Linus Nordberg linus at nordu.net
Thu Feb 4 14:48:28 CET 2016


Jan VĨelak <jan.vcelak at nic.cz> wrote
Wed, 3 Feb 2016 18:37:22 +0100:

| > The next question is how this should be done in practice, in our current
| > experiment. IIRC we decided in Yokohama that Paul would hack up an
| > unbound to submit DS records it stumbled over, together with a chain of
| > keys and signatures up to a trust anchor that the log had configured.
| > I'm going to show my ignorance and ask how this would be detected and
| > expressed while pointing out that "duh, NSEC*" is _not_ enough for me to
| > understand. :) I do accept terse descriptions and pointers to relevant
| > litterature though!
| 
| This is the easiest way to start.

How is this done in practice?



More information about the DNSSEC-Transparency mailing list