[Unbound-users] Validating the root: translation of ICANN XML file
lampe at hauke-lampe.de
Tue Aug 24 20:00:04 UTC 2010
On 24.08.2010 19:03, =JeffH wrote:
> ..where's the pubkey supposed to come from to validate it? If GPG is
> supposed to suck it over the net, maybe that's the problem?
gpg needs to have IANA's DNSSEC public key in its keyring.
You can retrieve the key from public keyservers:
gpg --search-key dnssec at iana.org
or download it from IANA here:
Now that you have the key, you can either trust that its the right one.
That's what I did.
Or you would have to verify the key's fingerprint with IANA staff,
although I don't know if that's even an option[*].
JFTR, the key in my keyring has these IDs and fingerprint:
pub 1024D/0F6C91D2 2007-12-01 [expires: 2011-11-25]
Key fingerprint = 2FBB 91BC AAEE 0ABE 1F80 31C7 D1AF BCE0 0F6C 91D2
uid DNSSEC Manager <dnssec at iana.org>
sub 2048g/1975679E 2007-12-01
[*] How about a voice recording on a POTS extension? ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: OpenPGP digital signature
More information about the Unbound-users