[afnog] .TZ DS records in root zone
Heinrich Strauss
heinrich at hstrauss.co.za
Sat Feb 9 10:40:30 UTC 2013
Hi, Boney.
In a properly configured infrastructure, it is now more difficult (read:
impossible, in most cases) to fake DNS entries under .tz or other
signed-zones.
It helps calm things with respect to compromised certificate issuers, as
we've seen in the last few years, but is not a "silver-bullet." It also
allows for things like putting SSH FingerPrints in the DNS (SSHFP
records) or validating certificate signatures from the DNS (TLSA
records). This helps to verify authenticity of the server you're
connecting to in a security-conscious environment.
As with all security measures, though, it is one link in a large chain,
though.
Regards,
Strauss
On 2013/02/09 10:05, Boney Mutabazi wrote:
>
> Hi Every one i like what am reading about the "TZ DS officially
> signed" Question is to an every day internet user what does mean and
> also to TZ ISPs both in terms of speed and cost per Gig
>
> thanks
> Boney
>
> On Feb 9, 2013 9:23 AM, "SM" <sm at resistor.net
> <mailto:sm at resistor.net>> wrote:
>
> Hi Simon,
> At 13:34 08-02-2013 <tel:34%2008-02-2013>, Simon M. Balthazar wrote:
>
> Yes Alain we do....TZ is officially signed.
>
>
> Congratulations.
>
> Regards,
> -sm
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
>
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20130209/1a313646/attachment.html>
More information about the afnog
mailing list