[ksk-change] Write up of key rollover experience

Geoff Huston gih at apnic.net
Thu Oct 16 18:07:28 UTC 2014


This is a writeup of the consequences of key rollover at the time when the in-addr zone operate with an unsigned root and without 5011 support.  (Obviously a signed root has largely addressed this situation.)

At the time there was a degree of reliance of various forms of out of band key distribution, which may have some relevance to the root key roll.

Anyway, in response to a request for write ups of previous key roll experience, this is one.


More information about the ksk-rollover mailing list