From owner-freebsd-questions@FreeBSD.ORG  Mon Apr 19 15:06:31 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A73DD106566B
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Apr 2010 15:06:31 +0000 (UTC)
	(envelope-from prvs=0718cc3a79=johnl@iecc.com)
Received: from gal.iecc.com (gal.iecc.com [64.57.183.53])
	by mx1.freebsd.org (Postfix) with ESMTP id 39EB98FC25
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Apr 2010 15:06:30 +0000 (UTC)
Received: (qmail 43730 invoked from network); 19 Apr 2010 15:06:30 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com;
	h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness;
	s=k1004; bh=Wo+gcFCdvAEtzSXt/DUKt/BWVeLOTtdqZGuF77TRELs=;
	b=TZ5jWnAlb06oFpIULac81GS4XYxzJUbFA1WJbgdd40vq1c8HZoGX4Sn4cCd3+fe5vgo4dOoc3KLiEmppA0YXqyUO2Herpa5vm9ZfG4nOsVwAtZZ1lb9WqFZpClRoI130cSH/lEVMCNu/HyJh3bPF8FOfT/AMPt4fwx9MEhgbek0=
Received: (ofmipd 64.57.183.62) with (DHE-RSA-AES256-SHA encrypted) SMTP;
	19 Apr 2010 15:06:08 -0000
Date: 19 Apr 2010 11:06:29 -0400
Message-ID: <alpine.BSF.2.00.1004191105450.48244@joyce.lan>
From: "John R. Levine" <johnl@iecc.com>
To: "krad" <kraduk@googlemail.com>
In-Reply-To: <m2yd36406631004190759g4f1da008gc13d0c250ffde539@mail.gmail.com>
References: <n2rd36406631004190412k9fea6e71i2b61d411fd7948@mail.gmail.com>
	<20100419145615.48204.qmail@joyce.lan>
	<m2yd36406631004190759g4f1da008gc13d0c250ffde539@mail.gmail.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Cleverness: None detected
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: freebsd-questions@freebsd.org
Subject: Re: DJB and root ns server dnssec signing
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Apr 2010 15:06:31 -0000

> I think watch i really need to do is find a root ns that is already serving
> signed records then limit djb to that, and then i can do some testing. My
> gut feeling is that it will be ok, but its no where near 90% let alone 100%
> which is why im nervous. PR nightmare if it does go wrong

The roots all return the same thing, but you might try some experiments 
using requests to the tiny .MUSEUM domain which has been signed for a 
while.

R's,
John