[dns-wg] Re: [dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE

On Thu, 03 Jan 2008, Holger Zuleger wrote:

>> New key signing key (KSK) for .SE 
>> As from today, 2008-01-03 .SE publish and take into use a new KSK for
>> signing the .SE zone file. The key published with start 2006 with key
>> id = 17686 is unvalid since 2008-01-01 and will be removed
>> 2008-02-01. You should have configured the key published with start
> Would it be possible to set the REVOKE Bit on that key, and announce it for 
> another 30 days?

There was no time to fix this for this rollover. Next time.

> Doing so enables a rfc5011 aware validator to discard the key automatically 
> from the list of possible trust anchor.

Which resolvers honors the revocation bit? To my knowledge, no swedish
resolver operators are using such software yet.

-- 
patrik_wallstrom->foodfight->pawal at blipp.com->+46-733173956
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: </ripe/mail/archives/dns-wg/attachments/20080103/7ce26ea2/attachment.sig>