[ksk-rollover] Stand-by KSK for algorithm rollover

Davey Song(宋林健) ljsong at biigroup.cn
Wed Apr 10 10:31:33 UTC 2019

Hi folks, 


I noticed that no stand-by KSK is pre-published in 2017-ksk rollover, right?
I put it due to the limitation of size of DNS response. Any other concerns
on stand-by KSK in real production network? 


Now I’m planning to put a stand-by key in algorithm rollover in my lab
test. Because I think ECDSA saves much space than RSA, so maybe it is time
to consider Stand-by key for algorithm rollover. Is there any special
consideration should be taken care for stand-by key in algorithm rollover.
Thanks in advance.


Best regards,


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190410/8e92877e/attachment.html>

More information about the ksk-rollover mailing list