[dns-wg] RIPE NCC DNSSEC Key Maintenance: Preemptive Key Signing Key Rollover
-
From: Ruben van Staveren ruben@localhost, rir-dns@localhost, ops-workers@localhost
-
Date: Thu, 14 Sep 2006 15:16:15 +0200
-
Mail-followup-to: Ruben van Staveren ruben@localhost, dns-wg@localhost, rir-dns@localhost, ops-workers@localhost
-
Organisation: RIPE NCC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[Apologies for duplicate e-mails]
Dear Colleagues,
Due to the recently published weakness in PKCS 1.5 signatures in OpenSSL
RSA crypto, the RIPE NCC will be performing an key signing key (KSK)
rollover earlier than planned.
We have completed the first phase of the procedure and have published
the new Key Signing Keys (KSK's). The deprecated keys will remain valid for
a maximum of three months.
We recommend that you reconfigure any resolvers to use the new keys. You
can download them from:
https://www.ripe.net/projects/disi//keys/ripe-ncc-dnssec-keys-new.txt
The DNSSEC Key Maintenance Procedure is available at:
https://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html
The following references may be useful:
http://www.openssl.org/news/secadv_20060905.txt
http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
We thank you for your patience and apologise for any inconvenience this
maintenance may cause.
If you have any questions regarding this maintenance please e-mail:
ops@localhost.
Regards,
Ruben van Staveren
Operations Group
RIPE NCC
-----BEGIN PGP SIGNATURE-----
Comment: For info see https://www.ripe.net/rs/pgp/
iD8DBQFFCVSambreNIsOKy8RAsRWAJ9jVQT++r9aZ3b0sCAl+IMFaUQLrgCfTtFb
5Az85tIv7TrWHVYoyt4Wvto=
=tvtB
-----END PGP SIGNATURE-----
--
Ruben van Staveren RIPE Network Coordination Center
Operations Group Singel 258 Amsterdam NL
http://www.ripe.net +31 20 535 4444
PGP finger print 6501 4389 A675 477E DCE5 53D8 9108 49E2 DAFC 271B
|
you are here: RIPE -> RIPE Maillists > Archives
