Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Insecure delegati<strong>on</strong>s<br />
• How can <strong>DNSSEC</strong> be<br />
deployed incrementally?<br />
Resolver<br />
DNSKEY<br />
• If child z<strong>on</strong>e is unsigned,<br />
resolver must be able to<br />
prove it is insecure.<br />
• NSEC resource records<br />
provide proof of absence<br />
of DS.<br />
.<br />
DNSKEY<br />
Z<strong>on</strong>e data<br />
DNSKEY<br />
DS<br />
net<br />
Z<strong>on</strong>e data<br />
NSEC/DS<br />
example.com<br />
Z<strong>on</strong>e data<br />
21<br />
Verisign Public<br />
21