[ksk-rollover] Thoughts on future KSK Rolls
Wes Hardaker
wjhns1 at hardakers.net
Wed Apr 3 21:17:07 UTC 2019
Tim April <timapril at gmail.com> writes:
> To take this approach, I would propose a model where, outside of an
> emergency condition, there would be at least two KSKs in the root zone
> at any time which have been published for at least one month (the 5011
> hold down timer length).
FYI, in a hotly contested draft that never made it to an RFC (which I
hate to bring up again and am not trying to start that discussion again
now), I showed that to securely add a key to the root zone, given its
parameters, you need to publish new keys for 53 days, not 30 (the
hold-down timer). So please pick a longer period than one month should
your proposed plan get adopted.
--
Wes Hardaker
USC/ISI