[ksk-rollover] Stand-by KSK for algorithm rollover
Davey Song(宋林健)
ljsong at biigroup.cn
Wed Apr 24 09:18:03 UTC 2019
Hi folks,
For your information, I setup a testing page for the second lab test of
algorithm rollover: https://yeti-dns.org/alg-roll-test.html . The difference
between the first trial and the second is that we add stand-by key and have
a powerDNS resolver in this testbed. This experiment will start from April
29th and end on 1st of Jun. If you are interested, please join us and
follow the instruction on the page.
**Note that the experiment will start on April 29th, 0200 UTC when new KEY
and signatures will be published. Resolvers setup after that time are not
able to roll automatically.**
Best regards,
Davey
发件人: Davey Song(宋林健) [mailto:ljsong at biigroup.cn]
发送时间: 2019年4月10日 18:32
收件人: 'ksk-rollover at icann.org'
主题: Stand-by KSK for algorithm rollover
Hi folks,
I noticed that no stand-by KSK is pre-published in 2017-ksk rollover, right?
I put it due to the limitation of size of DNS response. Any other concerns
on stand-by KSK in real production network?
Now I’m planning to put a stand-by key in algorithm rollover in my lab
test. Because I think ECDSA saves much space than RSA, so maybe it is time
to consider Stand-by key for algorithm rollover. Is there any special
consideration should be taken care for stand-by key in algorithm rollover.
Thanks in advance.
Best regards,
Davey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190424/d04f2abd/attachment.html>
More information about the ksk-rollover
mailing list