## page was renamed from DNSSEC/trustanchor
DNSSEC/trustanchorについて、ここに記述してください。

http://www.ipa.go.jp/security/fy21/reports/tech1-tg/a_04.html

Interim Trust Anchor Repository (ITAR)

----
DNSSECを使うにはroot serverが信用できなければならない。
　root server のIPアドレスや公開鍵をどうやって入手するか。
　　DNS(UDP)を使ったのでは意味がない。　-- ToshinoriMaeno <<DateTime(2011-07-09T09:52:42+0900)>>

まずは、「なに、だれ、を信用するか。」から始める必要がある。
　それを検証するには。

== RFC 4033 ==
What Is A Trust Anchor?

{{{
“A configured DNSKEY RR or DS RR hash of a DNSKEY RR.
 A validating security-aware resolver uses
this public key or hash as a starting point for building the
authentication chain to a signed DNS response.

Ingeneral, a validating resolver will have to obtain the
initial values of its trust anchors via some secure or
trusted means outside the DNS protocol.

Presence of atrust anchor also implies that the resolver should expect
the zone to which the trust anchor points to be signed.”
}}}