[ksk-rollover] Revoking KSK-2010 imminent
Michael StJohns
msj at nthpermutation.com
Mon Jan 7 03:48:32 UTC 2019
On 1/6/2019 5:24 PM, David Conrad wrote:
> Mike,
>
> On Jan 6, 2019, at 10:11 AM, StJohns, Michael <msj at nthpermutation.com> wrote:
>> So you’re telling me that no one got copies of all of the various resolvers and tried to feed them a revoked key of any sort?
> Could you point me to the exhaustive universal catalog of all resolvers used on the Internet?
>
> Thanks,
> -drc
>
>
So you're saying that ICANN didn't make one of those during trying to
figure out how to do the rollover and revisit it when you delayed the
rollover?
Seriously though - "all the various resolvers" is a pretty small set and
I seem to remember a pretty exhaustive fingerprinting effort some 5-6
years ago that had a pretty good identification of not only the base
server types (e.g. bind, nominum, etc), but the various release branches.
In any event, the answer to my first question appears to be "we managed
to get most of the base servers, but your mileage may vary because
they're sensitive to configuration". That's fine.
Later, Mike
More information about the ksk-rollover
mailing list