| ▲ | 1vuio0pswjnm7 7 hours ago | |
Is there non-ICANN DNSSEC Everyone knows "WebPKI", e.g., self-appointed "cert authorities", generally relies on DNS With an added DNSSEC step, perhaps this is now limited to ICANN DNS only Self-appointed "cert authorities" checking with self-appointed domainname "authority". A closed system | ||
| ▲ | cyberax 7 hours ago | parent [-] | |
You can add multiple trust anchors to DNSSEC resolvers. Before the "." zone was signed, adding zone-specific anchors was the only way to get DNSSEC working. | ||