[ksk-rollover] (Un)planning future KSK replacements
Michael Richardson
mcr+ietf at sandelman.ca
Sat Mar 30 12:24:34 UTC 2019
Evan Hunt <each at isc.org> wrote:
> I like this idea a lot.
ME TOO!
> CDS seems like it's probably more doable than CDNSKEY. IIRC, the IANA
> powers-that-be have been resistant in the past to pre-publishing public
> keys but more open to pre-publishing hashes.
pre-publishing hashes probably achieves all the results that those like me
want in being able to build a software release that will live for 5-10 years
on a shelf, while satisfying those who worry about brute force (or other?)
attacks on the keys.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190330/96d02d4a/signature.asc>
More information about the ksk-rollover
mailing list