Glen Wiley 2013-08-30 11:35:18 -04:00
parent 499c3eac98
commit a8f360e7d7
1 changed files with 2 additions and 2 deletions

@ -37,7 +37,7 @@ The KSK can be placed in the sources which is probably the easiest for
the system operator and is sufficiently secure provided the source the system operator and is sufficiently secure provided the source
deliver process is secure. deliver process is secure.
One downside to this approach is that the soruce package becomes stale One downside to this approach is that the source package becomes stale
following a KSK roll. This can be partially mitigated by providing following a KSK roll. This can be partially mitigated by providing
clear diagnostic messages for the user if they attempt to validate clear diagnostic messages for the user if they attempt to validate
DNSSEC responses with outdated keys. DNSSEC responses with outdated keys.
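Review bot: The unchanged context just above the fixed line still reads "provided the source deliver process is secure."; that should be "source delivery process", and it belongs in the same typo pass as "soruce". The paragraph also says staleness after a KSK roll is "partially mitigated" by diagnostic messages but does not say what the message should tell the user to do; a sentence on how to obtain the current key after a roll would make the mitigation concrete.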
@ -45,7 +45,7 @@ DNSSEC responses with outdated keys.
Automatically Fetch Key Via ICANN Website Automatically Fetch Key Via ICANN Website
----------------------------------------- -----------------------------------------
One of the easiest approaches is to embed the url from which we fetch One of the easiest approaches is to embed the URL from which we fetch
the KSK into the sources, the library can quietly fetch the KSK if one the KSK into the sources, the library can quietly fetch the KSK if one
isn't available on the system. This has some potential security isn't available on the system. This has some potential security
risks. risks.
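Review bot: The sentence containing the changed "URL" line is still a comma splice ("...into the sources, the library can quietly fetch the KSK..."); split it into two sentences or use a semicolon. The closing "This has some potential security risks." names none of them. Since the text describes quietly fetching a trust anchor from an embedded URL, the section should state how the fetched KSK is authenticated before it is used, or at least list the risks the author has in mind.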