[ksk-rollover] What KSK rollover methodology will be used today?
Mehmet Akcin
mehmet at akcin.net
Thu Oct 11 15:39:38 UTC 2018
We created a slack room for people to discuss and chat.
https://join.slack.com/t/kapany/shared_invite/enQtNDUwOTIzMDEwODM4LWE5NjNmOWRkMmQxYmYzYWU1YmI0ZmEwNWVlODllY2U1MGU5OTVhZDk4YjA1ZmFiN2VhYWI5ZWUyMGQ0YjU0OTc
You can join by clicking the link. This is not affiliated with ICANN nor
it's official in any form or shape. It's just few cool nerds hanging out
discussing post KSK roll impact
On Thu, Oct 11, 2018 at 4:19 AM Phil Regnauld <regnauld at nsrc.org> wrote:
> Matt Larson (matt.larson) writes:
> >
> >
> > > Does anyone know what is the method for changing the KSK rollover
> today? I have tried to look for it in ICNN documents but I unfortunately I
> could not find it.
> >
> > I'm not sure I understand your question about methodology. At 1600 UTC
> today, 11 October (or shortly thereafter), a root zone will be published
> with only the "new" KSK (called KSK-2017) signing the root zone's apex
> DNSKEY RRset. Currently the root zone's apex DNSKEY RRset is signed only
> with the soon-to-be "old" KSK (called KSK-2010). The publication of this
> root zone implements the root KSK rollover.
>
> To complement your answer, we can say this is a "pre-publish" type
> rollover (as opposed to a double signature one) -- if that was what
> Suhayb was referring to.
>
> Cheers,
> Phil
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20181011/88633ff7/attachment.html>
More information about the ksk-rollover
mailing list