On Thu, Jan 2, 2020 at 9:38 PM Wessels, Duane <[email protected]> wrote: > > On Dec 28, 2019, at 8:50 AM, Matt Nordhoff <[email protected]> wrote: > > On Mon, Oct 14, 2019 at 6:34 PM Wessels, Duane via dns-operations > > <[email protected]> wrote: > >> All, > >> > >> Verisign is in the process of increasing the size and strength of > >> the DNSSEC Zone Signing Keys (ZSKs) for the top-level domains that > >> it operates. As part of this process, the ZSK for the .COM zone will > >> be increased in size from 1024 to 1280 bits. > >> > >> On October 10, 2019 the 1280 bit ZSK was pre-published in the .COM zone. > >> On October 15, we plan to sign the .COM zone with the 1280 bit ZSK. > >> On October 20, we plan to remove the old 1024 bit ZSK from the zone. > > > > D'y'all have an updated ETA on step 3? > > > > Matt, > > My apologies for the incorrect information in the initial message. The old > 1024-bit ZSK was post-published for an extended period of time. It was > removed > as of Jan 1. > > DW
[insert GitHub party popper emoji] That's great news. Congratulations on completing the upgrade! :-) Once the RRSIG on the previous DNSKEY record set expires in 9 days, 1024-bit RSA on Verisign-operated TLDs will be absolutely dead and buried. :-) -- Matt Nordhoff _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
