[dns-wg] Re: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
Patrik Wallstrom pawal at blipp.com
Thu Jan 3 17:16:21 CET 2008
On Thu, 03 Jan 2008, Holger Zuleger wrote: >> New key signing key (KSK) for .SE >> As from today, 2008-01-03 .SE publish and take into use a new KSK for >> signing the .SE zone file. The key published with start 2006 with key >> id = 17686 is unvalid since 2008-01-01 and will be removed >> 2008-02-01. You should have configured the key published with start > Would it be possible to set the REVOKE Bit on that key, and announce it for > another 30 days? There was no time to fix this for this rollover. Next time. > Doing so enables a rfc5011 aware validator to discard the key automatically > from the list of possible trust anchor. Which resolvers honors the revocation bit? To my knowledge, no swedish resolver operators are using such software yet. -- patrik_wallstrom->foodfight->pawal at blipp.com->+46-733173956 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://lists.ripe.net/ripe/mail/archives/dns-wg/attachments/20080103/7ce26ea2/attachment.sig>
[ dns-wg Archives ]