[rssac-caucus] FOR REVIEW: RSSAC FAQ
Shumon Huque
shuque at gmail.com
Tue Feb 27 00:18:33 UTC 2018
On Mon, Feb 26, 2018 at 7:12 PM, Wessels, Duane <dwessels at verisign.com>
wrote:
>
>
> Ah, thanks for clarifying that. I should've read the TSIG RFC more
> carefully. I withdraw my objection to "protected"!
>
> another attempt:
>
> The transfer of the root zone file from the Root Zone Maintainer (RZM) to
> the individual RSOs occurs via the DNS zone transfer protocols (AXFR in RFC
> 5936 and IXFR in RFC 1995). These zone transfer messages are protected by
> the use of TSIG resource records as described in RFC 2845. This is a
> reliable protocol and we are not aware of any incidents of data
> corruption. Furthermore, since the root zone is signed, incorrect or
> falsified answers can be detected by DNSSEC validators. RSSAC encourages
> all recursive name server operators to enable DNSSEC validation when
> possible.
>
Looks good to me!
Shumon.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/rssac-caucus/attachments/20180226/ed5bc054/attachment.html>
More information about the rssac-caucus
mailing list