• Marek Vavruša's avatar
    daemon: root trust anchors automatically bootstrapped from IANA · 1af623da
    Marek Vavruša authored
    if the root key file doesn’t exist, it will be populated from root DNSKEY query, which will be validated against root trust anchors retrieved over HTTPS with IANA cert verification against built-in current IANA cert CA. it requires luasocket and luasec for it to work. trust anchors XML file signature is not checked, as there’s no facility for PKCS7 checking yet.
    1af623da
icann-ca.pem 4.44 KB