[ksk-rollover] Retention of the 2010 KSK

Stephen Morris sa.morris8 at gmail.com
Thu Mar 28 14:14:07 UTC 2019


> On 28 Mar 2019, at 14:45, Geoff Huston <gih at apnic.net> wrote:
> :
> I am happy to provide my strong indicator to retain the KSK until further notice. We have not given up yet on the dream of dusting off some dormant resolver that has a trusted key state of KSK 2010 and using some signed chain mechanism that would automate the installation of trust in the current key. If the old key is destroyed then the dream gets destroyed too.

+1 to that.  Unless there are any downsides to retaining the old key?

Stephen



More information about the ksk-rollover mailing list