[ksk-rollover] (Un)planning future KSK replacements

Michael Richardson mcr+ietf at sandelman.ca
Sat Mar 30 12:24:34 UTC 2019

Evan Hunt <each at isc.org> wrote:
    > I like this idea a lot.


    > CDS seems like it's probably more doable than CDNSKEY. IIRC, the IANA
    > powers-that-be have been resistant in the past to pre-publishing public
    > keys but more open to pre-publishing hashes.

pre-publishing hashes probably achieves all the results that those like me
want in being able to build a software release that will live for 5-10 years
on a shelf, while satisfying those who worry about brute force (or other?)
attacks on the keys.

]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [ 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190330/96d02d4a/signature.asc>

More information about the ksk-rollover mailing list