[ksk-rollover] will there be another keyrollover?
Michael Richardson
mcr+ietf at sandelman.ca
Fri Sep 2 01:10:15 UTC 2022
Paul Wouters via ksk-rollover <ksk-rollover at icann.org> wrote:
>> Anyone done any experiments with signed root using some of the NIST
>> candidates? RFC8806 keeps looking better and better to me.
> How does 8806 relate to this? do you mean signed root as in KSK/ZSK?
> Or do you mean the signing of the local root zone transfer (eg ZONEMD?)
> This message is on the ksk-rollover, I assue you mean the first, but
> 8806 isn't about that?
I mean, if the signed zone is loaded from disk, and rarely actually
transfered over the network, then maybe having huge-sized signatures
(which some NIST candidates feature) isn't so much a problem.
--
Michael Richardson <mcr+IETF at sandelman.ca> . o O ( IPv6 IøT consulting )
Sandelman Software Works Inc, Ottawa and Worldwide
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 515 bytes
Desc: not available
URL: <https://mm.icann.org/pipermail/ksk-rollover/attachments/20220901/151e57d2/signature.asc>
More information about the ksk-rollover
mailing list