[ksk-rollover] Suggested update to the key ceremonies.
Geoff Huston
gih at apnic.net
Thu Feb 15 00:36:05 UTC 2018
> On 15 Feb 2018, at 8:35 am, Paul Hoffman <paul.hoffman at icann.org> wrote:
>
> On Feb 14, 2018, at 12:40 PM, Warren Kumari <warren at kumari.net> wrote:
>> I think that it would be a useful addition to the script to ensure
>> that, when a new KSK is generated, it does not have the same Key ID as
>> any previous KSKs. If is *does* have the same Key ID, it should be
>> discarded and a new one generated.
>
> As someone who has to write tools to deal with ICANN's trust anchors, I give this proposal two thumbs up.
Warren has done well to point this out, and yes, its a small but important aspect of the key generation process
g
More information about the ksk-rollover
mailing list