[ksk-rollover] RFC 5011 will not be implemented in Dnsmasq
Tony Finch
dot at dotat.at
Mon Jan 7 14:55:35 UTC 2019
Peter van Dijk <peter.van.dijk at powerdns.com> wrote:
>
> The message already describes the right solution. There is no work to be
> done here.
Yes, from the protocol point of view.
What is still to do is determining how root key rollovers will be handled
in the future, i.e. when (how frequently) keys are generated, when public
keys are promulgated out of band, when they appear in the root zone, etc.
usw. [I favour annual rollovers, with keys generated and promulgated out
of band a few years in advance, and at most two KSKs in the root zone at
any time.]
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
East Sole, Lundy, Fastnet: Westerly veering northwesterly later, 5 or 6.
Moderate, occasionally slight. Drizzle for a time. Good, occasionally
moderate.
More information about the ksk-rollover
mailing list