[ksk-rollover] Revoking KSK-2010 imminent

StJohns, Michael msj at nthpermutation.com
Sun Jan 6 18:11:59 UTC 2019

On Sun, Jan 6, 2019 at 13:04 Paul Hoffman <paul.hoffman at icann.org> wrote:

> On Jan 6, 2019, at 9:47 AM, StJohns, Michael <msj at nthpermutation.com>
> wrote:
> >
> > I haven’t been paying attention.  Is anything being signed by ksk2010
> anymore?
> No.
> >  If not, then revoking it should be the very definition of a non-event.
> ...assuming that all software has implemented RFC 5011 completely
> correctly. We are not assuming that, which is why we will be looking for
> problems after the publication. This will be the first time that root zone
> will have a record with the revoke bit set in any DNSKEY record.
> --Paul Hoffman

So you’re telling me that no one got copies of all  of the various
resolvers and tried to feed them a revoked key of any sort?

Strange.  Mike

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190106/7c904148/attachment.html>

More information about the ksk-rollover mailing list