At 21:10 16-10-2012, pangj wrote: >IMO, a resolver will have the ability to get the public key of a ZSK >for validating the signed RR. How will it get this public key? > >And, is the usage of a KSK similiar to the CA certificate? See http://www.nlnetlabs.nl/publications/dnssec_howto/ Regards, -sm