[ksk-rollover] (Un)planning future KSK replacements
StJohns, Michael
msj at nthpermutation.com
Fri Mar 29 12:26:16 UTC 2019
*grumble* It’s not 5011s fault if the root zone does not currently include
standby keys.
Fortunately, that may be a shorter term issue. Mike
On Fri, Mar 29, 2019 at 12:38 Ray Bellis <ray at isc.org> wrote:
>
>
> On 29/03/2019 12:28, Salz, Rich via ksk-rollover wrote:
>
> > What is the purpose of doing a key rollover? I'll claim that it is
> > to help make sure you're ready to handle an unplanned situation. If
> > nothing goes wrong, then you don't need to change the key. If
> > something does go wrong you do need to react; the speed required
> > depends on the circumstances.
>
> Indeed - if you need to do it because the current key has been
> compromised then 5011 doesn't help at all because of the 30 day
> hold-time timer.
>
> Ray
>
>
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190329/e58c01d6/attachment.html>
More information about the ksk-rollover
mailing list