[ksk-rollover] Revoking KSK-2010 imminent
StJohns, Michael
msj at nthpermutation.com
Sun Jan 6 18:11:59 UTC 2019
On Sun, Jan 6, 2019 at 13:04 Paul Hoffman <paul.hoffman at icann.org> wrote:
> On Jan 6, 2019, at 9:47 AM, StJohns, Michael <msj at nthpermutation.com>
> wrote:
> >
> > I haven’t been paying attention. Is anything being signed by ksk2010
> anymore?
>
> No.
>
> > If not, then revoking it should be the very definition of a non-event.
>
> ...assuming that all software has implemented RFC 5011 completely
> correctly. We are not assuming that, which is why we will be looking for
> problems after the publication. This will be the first time that root zone
> will have a record with the revoke bit set in any DNSKEY record.
>
> --Paul Hoffman
So you’re telling me that no one got copies of all of the various
resolvers and tried to feed them a revoked key of any sort?
Strange. Mike
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190106/7c904148/attachment.html>
More information about the ksk-rollover
mailing list