MoinQ:

DNSSEC/trustanchorについて、ここに記述してください。

http://www.ipa.go.jp/security/fy21/reports/tech1-tg/a_04.html

Interim Trust Anchor Repository (ITAR)


DNSSECを使うにはroot serverが信用できなければならない。

まずは、「なに、だれ、を信用するか。」から始める必要がある。

1. RFC 4033

What Is A Trust Anchor?

“A configured DNSKEY RR or DS RR hash of a DNSKEY RR.
 A validating security-aware resolver uses
this public key or hash as a starting point for building the
authentication chain to a signed DNS response.

Ingeneral, a validating resolver will have to obtain the
initial values of its trust anchors via some secure or
trusted means outside the DNS protocol.

Presence of atrust anchor also implies that the resolver should expect
the zone to which the trust anchor points to be signed.”