[ksk-change] Keeping two KSK keys long term
Jakob Schlyter
jakob at kirei.se
Wed Oct 1 21:15:34 UTC 2014
On 1 okt 2014, at 23:00, Michael StJohns <msj at nthpermutation.com> wrote:
> Having two keys - in the trust anchor set - should be the minimum steady state. It means that you can compromise one of them and still recover without needing to do a full trust reboot.
That only makes sense if you maintain and protect the keys separately, something that comes with a considerable cost. We did considering this when the current Root DNSSEC was engineered, and IIRC the cost/benefit analysis did not justify such a scheme.
jakob
More information about the ksk-rollover
mailing list