[ksk-rollover] Retention of the 2010 KSK CONSIDERED HARMFUL
Salz, Rich
rsalz at akamai.com
Tue Apr 2 15:53:16 UTC 2019
* It is a monumentally bad idea to retain revoked key material
+1, +2, +1000!
If you want a chain of trust, when you generate key “N+1” sign it with key “N”. Repeat for each generation.
* This is not a case where holding on to the past preserves the future.
Nice turn of phrase!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190402/e14efc80/attachment-0001.html>
More information about the ksk-rollover
mailing list