On 25-Aug-2009, at 10:53, Todd Glassey wrote:
> Joe - the question becomes one of the integrity of the records process
Yes, that's my point.
> That said, there are all kinds of PKI Operations Practice reasons including "it's part of our policy to roll keys periodically"
If there's no practical motivation to roll keys, then let's not do it. Rolling keys is a pain.
If there *is* a practical motivation to roll keys, then let's not infer any trust at all from old keys.
Joe
