[ksk-rollover] Retention of the 2010 KSK CONSIDERED HARMFUL

Salz, Rich rsalz at akamai.com
Tue Apr 2 15:53:16 UTC 2019


  *   It is a monumentally bad idea to retain revoked key material

+1, +2, +1000!

If you want a chain of trust, when you generate key “N+1” sign it with key “N”.  Repeat for each generation.


  *   This is not a case where holding on to the past preserves the future.

Nice turn of phrase!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190402/e14efc80/attachment-0001.html>


More information about the ksk-rollover mailing list