In message <c6cc4f6b.15aa4%[email protected]>, Kim Davies writes: > On 8/09/09 6:07 PM, "Mark Andrews" <[email protected]> wrote: > >>=20 > >> As for when the current .PR key was listed on the interim trust anchor > >> repository at IANA, 2009-09-01 21:45:06.072 UTC would be the precise tim= > e. > >=20 > > So ITAR consumers had 2 days to respond to this key rollover event. > > Did PR inform you immediately the DNSKEY was added to the PR zone? > > What happened in the 14 days between the DNSKEY being added to the > > zone and it appearing in ITAR? > > The ITAR listing process is essentially automatic, but relies on the TLD > operator actually submitting a request to list via a web form. It is up to > the TLD operator to submit trust anchors to us when they are ready. The onl= > y > check we do is we will not list a trust anchor until there is a matching > DNSKEY in their zone. > > We have no unique insight into the key management policies of the TLD > operators. We do not monitor TLD zones for DNSKEYs that are not in the ITAR > and give them courtesy notes that they are absent (maybe we should?). > > I think the questions on rollover planning are best left for each TLD to > provide, it is not something we have any restrictions on. > > kim
So PR took 14 days to submit to ITAR then pulled the old one 2 days later leaving a effective rollover period of 2 days for anyone using ITAR. I've talked to the DLV project manager and PR's DLV record is now updated. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
