[Unbound-users] Should we really validate with a revoked TA
Stephan Lagerholm
stephan.lagerholm at secure64.com
Wed Aug 4 21:31:56 UTC 2010
Admittedly miss configured but unbound validates www.secure64.com
<http://www.secure64.com/> when a revoked DNSKEY is used as a trust
anchor, see attached unbound.conf.
Isn't that a violation of 5011 section 2.1?
"Once the resolver sees the REVOKE bit, it MUST NOT use this key as a
trust anchor or for any other purpose"
/Stephan
----------------------------------------------------------------------
Stephan Lagerholm
Senior DNS Architect, M.Sc. ,CISSP
Secure64 Software Corporation, www.secure64.com
Cell: 469-834-3940
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20100804/dd68e0b3/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound.conf
Type: application/octet-stream
Size: 335 bytes
Desc: unbound.conf
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20100804/dd68e0b3/attachment.obj>
More information about the Unbound-users
mailing list