[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

Tomofumi Okubo tomofumi.okubo at gmail.com
Sun Sep 21 19:30:13 UTC 2014

Hello David,

On Sun, Sep 21, 2014 at 11:27 AM, David Conrad <david.conrad at icann.org> wrote:
> On Sep 21, 2014, at 11:15 AM, Tomofumi Okubo <tomofumi.okubo at gmail.com> wrote:
> How would this impact the size of responses?

Yes, this will make the keyset a bit larger.

I might be wrong but from what I understand, bigger payload may or may
not cause bad things. This is why I suggest exploring the option.

>From a security standpoint, standby key is good. But I also understand
from a DNS engineering standpoint it could be bad.

I'm sure people in the group already read this but just in case...
Appendix B – DNS Response Size Considerations (page 31)


More information about the ksk-rollover mailing list