[ksk-rollover] new ksk and DNS software vendors

manu tman chantr4 at gmail.com
Thu Mar 28 16:23:49 UTC 2019

On Thu, Mar 28, 2019 at 5:16 PM Tony Finch <dot at dotat.at> wrote:

> manu tman <chantr4 at gmail.com> wrote:
> >
> > During the BoF session this morning, it was asked how long it would take
> > vendors to incorporate the new KSK in their software.
> > The few that spoke said it was a relatively short time.
> I think this will depend a lot on whether the patch is distributed as a
> routine change or as a security-critical fix. I think it won't look
> particularly good if the whole DNS gets a CVE every year just to roll the
> keys in a timely fashion :-)

:) yeah.
This is a discussion that is worth having with the distributions and see
what their take on this is. As mentioned in my original email, I would love
to hear from people closer to the distros.

There is already connection between software vendors and distros, so they
could maybe initiate this discussion.


> Tony.
> --
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> South Utsire, Forties: Southwesterly 5 or 6. Moderate or rough,
> occasionally
> slight. Fair. Good.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190328/b17e02c0/attachment.html>

More information about the ksk-rollover mailing list