About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dns-wg] NTIA and RIPE

  • To: Patrik Fältström paf@localhost
  • From: Jakob Schlyter jakob@localhost
  • Date: Thu, 30 Oct 2008 10:28:45 +0400
  • Cc: Edward Lewis <Ed.Lewis@localhost, dns-wg@localhost
On 30 okt 2008, at 08.05, Patrik Fältström wrote:
a) It would be good if change of ZSK or KSK operator would NOT imply a silent period or _VERY_ complicated key rollover.
changing the holder of the ZSK (e.g. the root zone maintainer) doesn't have to be very complicated. some time before the change of maintainers, the new maintainer would submit its first set of ZSK to the KSK holder for signing and the old maintainer would include this in the root zone for some short period of time.
I do however believe that changing the holder of the KSK will be complicated, unless a proven automatic key rollover mechanism has been developed, implemented _and_ deployed. so while I wouldn't hold my breath waiting for this to happen, I hope that the initial KSK holder will be stable and that it is possible to transfer the KSK in case the holder needs to be changed. 

	jakob
Post To The List:

Replies

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community