[ksk-rollover] will there be another keyrollover?

Paul Wouters paul at nohats.ca
Fri Sep 2 02:45:29 UTC 2022


On Sep 1, 2022, at 21:10, Michael Richardson <mcr+ietf at sandelman.ca> wrote:
>
> I mean, if the signed zone is loaded from disk, and rarely actually
> transferred over the network, then maybe having huge-sized signatures
> (which some NIST candidates feature) isn't so much a problem.

You are talking post-quantum algorithms? The ones that aren’t chosen yet by NIST, aren’t specified in RFCs and aren’t implemented in any software and aren’t deployed anywhere in resolvers?

I think maybe the root should first roll to like algo 13 or something similar where there is operational experience.

Paul

