[ksk-change] Not rolling over, part 2: adding another signing algorithm
Paul Hoffman
paul.hoffman at vpnc.org
Sun Sep 21 19:23:36 UTC 2014
Greetings. Joe and David have said that the intended meeting can cover issues other than a key rollover, and the earlier thread points to something that ICANN might want to do before, after, or instead of a key rollover exercise: add a different key with a different signature algorithm, presumably an elliptic curve algorithm with 256-bit keys.
This could be done with the intention of having the two signatures in parallel for a long time, or it could be done with the intention that the shorter, stronger, more reliable key replaces the current key.
--Paul Hoffman
More information about the ksk-rollover
mailing list