[ksk-change] Keeping two KSK keys long term

Jakob Schlyter jakob at kirei.se
Wed Oct 1 21:15:34 UTC 2014

On 1 okt 2014, at 23:00, Michael StJohns <msj at nthpermutation.com> wrote:

> Having two keys - in the trust anchor set -  should be the minimum steady state.  It means that you can compromise one of them and still recover without needing to do a full trust reboot.

That only makes sense if you maintain and protect the keys separately, something that comes with a considerable cost. We did considering this when the current Root DNSSEC was engineered, and IIRC the cost/benefit analysis did not justify such a scheme.


More information about the ksk-rollover mailing list