Wes Hardaker <[email protected]> writes: > For what it's worth: I'm sort of on the fence when it comes to needing > to sign with the KSK. There are so very very few key-split owners out > there that it's not a huge market for them, and I doubt any of them will > want to do CDS anyway to their parent.
FYI: I meant to mention that there is a significant number of operators that do actually protect their keys with different levels of protection and keep their KSKs in a "better vault". Those folks might be a bit more perturbed if a ZSK could publish a new KSK. And there is more than a single-hand-count of them, unlike the ZSK/KSK ownership split. And yes, anywhere I said "KSK" you should read it as "key with the SEP bit set" -- Wes Hardaker Parsons _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
