[ksk-rollover] Suggested update to the key ceremonies.

Geoff Huston gih at apnic.net
Thu Feb 15 00:36:05 UTC 2018

> On 15 Feb 2018, at 8:35 am, Paul Hoffman <paul.hoffman at icann.org> wrote:
> On Feb 14, 2018, at 12:40 PM, Warren Kumari <warren at kumari.net> wrote:
>> I think that it would be a useful addition to the script to ensure
>> that, when a new KSK is generated, it does not have the same Key ID as
>> any previous KSKs. If is *does* have the same Key ID, it should be
>> discarded and a new one generated.
> As someone who has to write tools to deal with ICANN's trust anchors, I give this proposal two thumbs up. 

Warren has done well to point this out, and yes, its a small but important aspect of the key generation process


More information about the ksk-rollover mailing list