On Wed, May 31, 2017 at 07:44:46PM +0000, Edward Lewis wrote: > I ask because of the issues raised in the thread regarding the number of keys > assumed in the operation. Automated Updates apparently (to me) was defined > with more than one active secure entry point in mind, but in practice, the > only operating example I've witnessed of Automated Updates relies on a single > active secure entry point. >
Remember that when DNSEXT selected the TA rollover mechanism, many of us believed that signing the root was a pipe dream akin to the single trust anchor for the RPKI. Best regards, A -- Andrew Sullivan [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
