[ksk-rollover] Revoking KSK-2010 imminent
Paul Hoffman
paul.hoffman at icann.org
Sun Jan 6 18:04:33 UTC 2019
On Jan 6, 2019, at 9:47 AM, StJohns, Michael <msj at nthpermutation.com> wrote:
>
> I haven’t been paying attention. Is anything being signed by ksk2010 anymore?
No.
> If not, then revoking it should be the very definition of a non-event.
...assuming that all software has implemented RFC 5011 completely correctly. We are not assuming that, which is why we will be looking for problems after the publication. This will be the first time that root zone will have a record with the revoke bit set in any DNSKEY record.
--Paul Hoffman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3915 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190106/1812b47f/smime-0001.p7s>
More information about the ksk-rollover
mailing list