[dns-wg] Algorithm Upgrade for RIPE NCC DNS Zones
- Previous message (by thread): [dns-wg] 13 new zones added to DNSMON
- Next message (by thread): [dns-wg] Algorithm Upgrade for RIPE NCC DNS Zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Anand Buddhdev
anandb at ripe.net
Mon Dec 21 13:51:29 CET 2015
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear colleagues, I am happy to report that we have completed the roll-over of the keys of all our zones, and upgraded the signatures to RSA/SHA256. Regards, Anand Buddhdev RIPE NCC On 26/11/15 12:01, Anand Buddhdev wrote: > Dear colleagues, > > All the zones maintained by the RIPE NCC are signed with the > RSA/SHA1 algorithm. At the RIPE 70 meeting we committed to upgrade > the algorithm of all our zones. > > We required an updated version of our signer software that could > sign a zone with two different algorithms at the same time. We then > needed to test it, to ensure that we could switch algorithms > without causing major validation errors. We published a RIPE Labs > article about our experiences here: > > https://labs.ripe.net/Members/anandb/dnssec-algorithm-roll-over > > We are happy to announce that we are now ready to roll the keys of > all our zones and sign them with the RSA/SHA256 algorithm. We will > follow the process described in the RIPE Labs article. We plan to > begin the roll-over on Monday, 30 November 2015. We would still > like to exercise caution, so we will not roll the keys of all zones > at the same time. We will do this in batches, starting with a small > number of reverse DNS zones of the RIPE Meeting address space. > > If you have any questions, please send an email to <dns at ripe.net>. > > Regards, > > Anand Buddhdev RIPE NCC > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWd/XRAAoJEBXgoyUMySoFt+IP+QERNpy8jPqLkIVe51/55yga XxgUFHkFUiZ2FsVf7OIWvU3bCK4thKSjidGb3cYwkwG/i5xEzXkEn6jhj6m++ZJD lyg65TnQRTJ6eZZ8TfoXrfSC8QMQlFh1RB0zZhLbfeaUkFBksj2DuiwLbYLtSrU1 Iiadh2rOeMO0xTG6JecCn8QCjQQhfG1c/tnKF21gfTo0azd3lT0y8WeQ2b1anir0 UiewFpsi19yEUKaUCYrif9QU61UPR1oKa+LhQuvGMAc7jZ0E5Jqnu3AwyHOlbR20 gobLtkbvdOnwc3sTzPABEs9R6Q2pjKsdAfqVxNiUfNoHPXhYyy3FHdjPclW0ztmx q839jk+aXY7t8oc2EqRkVtT5vk4gAVPesrMJBQZbXlXj8HVs8+G0ytrmTzpok8QD qULAuxRHEgD5LLzHxzutK33UPTPSxgRau8xPMAUwhmmiLudKREOyP29Tx6JFR99B c8lIeXgJu2Hj5dAzP/D1lmiKdwuyHb0nnd8q2+m97gTA9ljExozLDHoGnxmb2rAh 3EOizejloRDBrCS3/ugInAVyKRKyOUZyLNOjYoI3IsVGL3Gxys/5Bk4VcGnOKd6i poexaZokM8l3WTugtbhkmwOS3qi3llZIXrFDsvsKpKMkLDaB/nXsImPRGpwDGjyo ltLT3p91fWYusjKJU/IK =KJMr -----END PGP SIGNATURE-----
- Previous message (by thread): [dns-wg] 13 new zones added to DNSMON
- Next message (by thread): [dns-wg] Algorithm Upgrade for RIPE NCC DNS Zones
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]