[dns-wg] New on RIPE Labs: DNSSEC Algorithm Roll-over
- Next message (by thread): [dns-wg] revised agenda for RIPE71
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mirjam Kuehne
mir at ripe.net
Fri Nov 6 15:18:13 CET 2015
Dear colleagues, Rolling over the algorithm (usually to a stronger variant) used to sign a DNS zone isn't as easy as regular key roll-overs. This is because some DNSSEC validators are less forgiving than others, and fail validation unless the right combination of keys and signatures is present in a zone. This new article on RIPE Labs describes our experiences with DNSSEC algorithm roll-over: https://labs.ripe.net/Members/anandb/dnssec-algorithm-roll-over We hope that our experience will help others who may be considering doing this. Kind regards, Mirjam Kuehne RIPE NCC
- Next message (by thread): [dns-wg] revised agenda for RIPE71
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]