crypto-validated?
Joseph S D Yao
jsdy at cospo.osis.gov
Tue Dec 19 21:09:27 UTC 2000
On Tue, Dec 19, 2000 at 12:47:28PM -0800, fred pasteck wrote:
>
> > The AD bit should only be set if the server sending the answer is
> > DNSSEC-aware and has validated the cryptographic signature(s) on the
> > resource record(s) in the answer. DNSSEC - Secure
>
> How does it validate the remote box if it doesn't
> already have some type of identification such as a
> key?
There is a key. The server you are querying has the public key. The
original server essentially "signs" the data, and the receiving server
validates the signature.
I think - this is one area that I have only dipped my toes in [while
others were merely swimming along beside me].
--
Joe Yao jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
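
The AD bit discussed in this thread, as an added example that is not part of the original message: the code decodes the DNS header flags and reports what the AD bit is worth to the receiver. The sample headers are constructed, and `resolver_trusted` is a hypothetical policy flag supplied by the caller, since the AD bit itself is not cryptographically protected in transit.

```python
import struct

# Masks for the 16-bit flags word of the DNS header. AD and CD are the two
# bits DNSSEC took from the formerly reserved Z field.
QR = 0x8000  # message is a response
AD = 0x0020  # Authentic Data: sender states it validated the signatures
CD = 0x0010  # Checking Disabled: querier asked the server not to validate
RCODE_MASK = 0x000F


def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(message) < 12:
        raise ValueError("truncated DNS message: header is 12 bytes")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    return {
        "id": txid,
        "response": bool(flags & QR),
        "ad": bool(flags & AD),
        "cd": bool(flags & CD),
        "rcode": flags & RCODE_MASK,
        "answers": an,
    }


def ad_verdict(message: bytes, resolver_trusted: bool) -> str:
    """Classify what the AD bit in `message` means to the receiver.

    resolver_trusted (assumption of this example): True only when the path to
    the answering server is itself protected, e.g. loopback or an
    authenticated channel. Otherwise anyone on the path can flip the bit.
    """
    header = parse_header(message)
    if not header["response"]:
        return "not-a-response"
    if not header["ad"]:
        return "unvalidated"
    if not resolver_trusted:
        return "ad-unauthenticated"
    return "validated-by-resolver"


def make_header(flags: int, ancount: int = 1) -> bytes:
    """Build a constructed sample header (id 0xBEEF, one question)."""
    return struct.pack("!6H", 0xBEEF, flags, 1, ancount, 0, 0)
```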