[ksk-rollover] Suggested update to the key ceremonies.

Geoff Huston gih at apnic.net
Wed Feb 21 19:28:58 UTC 2018

> So my base point is - don't try to fix the wrong problem.  Key tags are what they are and will remain as such.  With 16 bits, collisions are inevitable at some point and may actually occur *after* the keys are generated (- revoked keys).  Fix 8145 and KSK sentinel instead.
> (And by the way - does any of the 8145 or KSK sentinel implementations correctly match a revoked key with its unrevoked brother?)

I don't understand this question Mike - particularly “unrevoked brother” - could you describe in a little more detail what you are referring to here?



More information about the ksk-rollover mailing list