Exchanging Keys with Sub- and Super-Zones
Other peoples' machines won't know that your zone's public key is accurate unless
you have it signed by its superzone. (The superzone of e.g. "toad.com" is
"com".) Similarly, if you have any sub-zones, you should get a public
key from each of them, sign it, and return the signature to them.
Next page: How keying info gets used; Up:
Domain Name System Security home page