[ksk-rollover] Retention of the 2010 KSK
Stephen Morris
sa.morris8 at gmail.com
Thu Mar 28 14:14:07 UTC 2019
> On 28 Mar 2019, at 14:45, Geoff Huston <gih at apnic.net> wrote:
> :
> I am happy to provide my strong indicator to retain the KSK until further notice. We have not given up yet on the dream of dusting off some dormant resolver that has a trusted key state of KSK 2010 and using some signed chain mechanism that would automate the installation of trust in the current key. If the old key is destroyed then the dream gets destroyed too.
+1 to that. Unless there are any downsides to retaining the old key?
Stephen
More information about the ksk-rollover
mailing list