Re: [dns-wg] NTIA and RIPE
To: Jakob Schlyter jakob@localhost
From: Patrik Fältström paf@localhost
Date: Thu, 30 Oct 2008 10:34:08 +0400
Cc: Edward Lewis Ed.Lewis@localhost, dns-wg@localhost
On 30 Oct 2008, at 10.28, Jakob Schlyter wrote:
> I do however believe that changing the holder of the KSK will be
> complicated, unless a proven automatic key rollover mechanism has
> been developed, implemented _and_ deployed. So while I wouldn't hold
> my breath waiting for this to happen, I hope that the initial KSK
> holder will be stable and that it is possible to transfer the KSK in
> case the holder needs to be changed.
Fair...
Now, we had this bullet:
K - Changes to the entities and roles in the signing process must not
require a change of keys.
Then I thought about changing it to the following:
K - Changes to the entities and roles in the signing process should
minimize issues related to potential changes in keys when the entities
change.
Now, I am a bit confused... :-)
Jakob, Ed, others...do you have any suggestion on text?
Patrik