[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)
Tomofumi Okubo
tomofumi.okubo at gmail.com
Sun Sep 21 19:30:13 UTC 2014
Hello David,
On Sun, Sep 21, 2014 at 11:27 AM, David Conrad <david.conrad at icann.org> wrote:
> On Sep 21, 2014, at 11:15 AM, Tomofumi Okubo <tomofumi.okubo at gmail.com> wrote:
>
> How would this impact the size of responses?
Yes, this will make the keyset a bit larger.
I might be wrong but from what I understand, bigger payload may or may
not cause bad things. This is why I suggest exploring the option.
>From a security standpoint, standby key is good. But I also understand
from a DNS engineering standpoint it could be bad.
I'm sure people in the group already read this but just in case...
Appendix B – DNS Response Size Considerations (page 31)
https://www.icann.org/en/system/files/files/sac-063-en.pdf
Cheers!
Tomofumi
More information about the ksk-rollover
mailing list