Hi Paul,

I encourage making the 4641 document more up to date and adding better
definitions. However, one issue drew my attention: I am not sure if
doing key rollover in emergencies only is good practice, for a couple of
reasons:

* All keys have an expected lifetime. After the lifetime, you may expect
a key to be compromised. Because you cannot easily suspect this until
harm is being done, I say it's better to prevent than to fix. So do key
rollover only when the key's lifetime is running out (inclusive), or it
is suspected that the key has been compromised.

* If keys that act as trust anchors have a long lifetime (effective
period), key rollover is hardly operated. Doing key rollover
periodically, not only for KSKs that do not act as trust anchors, gives
us more operational practice.

* Besides, you cannot know if a resolver will pick up your KSK as a
trust anchor, so you should consider that all your KSKs can be used as a
trust anchor.

* Change of zone data size or local policies might mean that a change in
KSK is made (longer key, different algorithm...).

Regards,

Matthijs


Paul Hoffman wrote:
>    Because of the difficulty of getting all users of a trust anchor to
>    replace an old trust anchor with a new one, a KSK that is a trust
>    anchor should never be rolled unless it is known or strongly
>    suspected that the key has been compromised.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop