> On 11 May 2022, at 12:53, Anand Buddhdev <[email protected]> wrote:
>
> On Tuesday 3 May, we performed a DNSSEC Key Signing Key (KSK) roll-over for
> all the zones that we maintain and sign. During this roll-over, we dropped
> the Zone Signing Keys (ZSKs), and began signing the zones with just their new
> KSKs. Technically, these keys are the same as any other KSKs, but since they
> sign the entire zone, and there's no ZSK, such KSKs are informally known as
> Combined Signing Keys (CSKs).
Many thanks for the update, Anand.
Could you give a bit more detail on why you decided to dump the ZSKs? Was it
just a matter of having fewer keys to manage and fewer moving parts that could
break?