[ksk-change] Which style of rollover were people thinking of?

Wessels, Duane dwessels at verisign.com
Tue Oct 7 20:59:35 UTC 2014

On Oct 7, 2014, at 1:41 PM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:

> Greetings again. Assuming that we are still thinking of doing a KSK rollover, what style of rollover were people thinking of? draft-ietf-dnsop-dnssec-key-timing-05 describes described three. Of course, there is no DS record here, but the DS's moral equivalent is the manually trusted key(s) in the validating resolvers.


If my reading of the draft is correct, the Double-KSK method most accurately
describes what the root zone management partners had been talking about
during our 2013 discussions.


More information about the ksk-rollover mailing list