[ksk-change] Which style of rollover were people thinking of?

Richard Lamb richard.lamb at icann.org
Tue Oct 7 21:02:51 UTC 2014

+1  Yep..

-----Original Message-----
From: ksk-rollover-bounces at icann.org [mailto:ksk-rollover-bounces at icann.org]
On Behalf Of Wessels, Duane
Sent: Tuesday, October 07, 2014 2:00 PM
To: Paul Hoffman
Cc: ksk-rollover at icann.org
Subject: Re: [ksk-change] Which style of rollover were people thinking of?

On Oct 7, 2014, at 1:41 PM, Paul Hoffman <paul.hoffman at vpnc.org> wrote:

> Greetings again. Assuming that we are still thinking of doing a KSK
rollover, what style of rollover were people thinking of?
draft-ietf-dnsop-dnssec-key-timing-05 describes described three. Of course,
there is no DS record here, but the DS's moral equivalent is the manually
trusted key(s) in the validating resolvers.


If my reading of the draft is correct, the Double-KSK method most accurately
describes what the root zone management partners had been talking about
during our 2013 discussions.

ksk-rollover mailing list
ksk-rollover at icann.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5456 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20141007/f19b2595/smime.p7s>

More information about the ksk-rollover mailing list