[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

Tomofumi Okubo tomofumi.okubo at gmail.com
Sun Sep 21 17:21:10 UTC 2014

Hello Joe,

On Sun, Sep 21, 2014 at 8:41 AM, Joe Abley <jabley at hopcount.ca> wrote:

> Having such a standby key available (e.g. as recommended in RFC 5011, and by Mike StJohns in the past) would help align the two procedures, although an approach for mitigating the compromise of both active and standby keys would still be required for the general case of emergency roll due to compromise.

Yes I agree. I like the idea of having standby keys that will help a lot.

Although, even with the standby keys, we still need to consider
scenarios in which both keys needs to be replaced such as algorithm
compromise (if it is the same) or physical compromise of the key (if
both key sit on he same HSM).


More information about the ksk-rollover mailing list