[ksk-rollover] Retention of the 2010 KSK CONSIDERED HARMFUL

[Salz, Rich]

  *   The problem with this is that you need to know *when* N signed N+1, and you can't believe N about the time.

Out of band verification. You make sure the chain you have connects properly up to the current KSK.

Or you tell folks turning on old computers to just reconfig first. :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190402/f08c8613/attachment-0001.html>