[ksk-rollover] (Un)planning future KSK replacements

Ray Bellis ray at isc.org
Fri Mar 29 12:44:06 UTC 2019



On 29/03/2019 13:26, StJohns, Michael wrote:
> *grumble* It’s not 5011's fault if the root zone does not currently
> include standby keys.

No slight at you intended, Mike :)

> Fortunately, that may be a shorter term issue. Mike

If standby keys become a thing, would it perhaps be useful if keys were 
pre-published as CDNSKEY / CDS records in the root so that they can be 
distributed without causing additional computational load on validators 
or bloating of the DNSKEY RR set?

Ray


