[ksk-rollover] Revoking KSK-2010 imminent
msj at nthpermutation.com
Sun Jan 6 18:11:59 UTC 2019
On Sun, Jan 6, 2019 at 13:04 Paul Hoffman <paul.hoffman at icann.org> wrote:
> On Jan 6, 2019, at 9:47 AM, StJohns, Michael <msj at nthpermutation.com>
> > I haven’t been paying attention. Is anything being signed by ksk2010
> > If not, then revoking it should be the very definition of a non-event.
> ...assuming that all software has implemented RFC 5011 completely
> correctly. We are not assuming that, which is why we will be looking for
> problems after the publication. This will be the first time that root zone
> will have a record with the revoke bit set in any DNSKEY record.
> --Paul Hoffman
So you’re telling me that no one got copies of all of the various
resolvers and tried to feed them a revoked key of any sort?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ksk-rollover