[ksk-change] Testing new keys added
Jakob Schlyter
jakob at kirei.se
Sun Oct 12 18:49:21 UTC 2014
On 10 okt 2014, at 18:49, Michael StJohns <msj at nthpermutation.com> wrote:
> Not exactly. By convention we split ZSK and KSK duties, but that's not actually enforced by the resolver.
Sure, but it is enforced by the current RZ key management process. ICANN can not sign an arbitrary RRset unless several key components are modified, including the DPS and the software used for signing.
jakob
More information about the ksk-rollover
mailing list