> On 25 Oct 2023, at 18:58, Joe Abley <[email protected]> wrote:
>
> On 25 Oct 2023, at 18:46, Johan Stenstam <[email protected]> wrote:
>
>> I agree. But it is bad to design a system where the key CANNOT be rolled.
>
> I agree. I was just expressing doubt that you can find a single automated
> mechanism that is appropriate to use in all possible compromise scenarios.
>
> For a hopefully rare event that might need careful handling, perhaps a good
> manual plan is actually better.
I agree with this also.
And that functionality is already there. If you’re using BIND9 it is your
decision, in the update-policy {} section, whether to allow dynamic updates to
update the key (i.e. roll the key) or only update NS, glue and DS RRsets. My
own code does the same. And in most cases manual fallback in case of a key
compromise is likely the best option.
Johan
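Added illustration of the BIND9 policy choice described in the message above; this is not configuration from the thread, from Johan's code or from the BIND9 documentation. It assumes a parent zone named `example.` whose children authenticate dynamic updates with SIG(0) keys published as KEY records at the delegation name, so that the signer identity equals the child's zone name. With the `selfsub` rule type a signer may only touch names at or below its own name, and the trailing type list decides whether the KEY RR itself is among the records it may change:

```conf
// Parent zone accepting SIG(0)-signed dynamic updates from its children.
// Zone name, file name and the use of SIG(0) are assumptions for this example.
zone "example." {
    type primary;
    file "example.db";

    // Policy A: a child may replace its own NS and DS RRsets and the A/AAAA
    // glue under its delegation, but NOT the KEY RR it signs updates with.
    // Rolling that key after a compromise is then a manual step performed by
    // the parent operator, out of band.
    update-policy {
        grant * selfsub * NS DS A AAAA;
    };

    // Policy B (alternative, mutually exclusive with A): the same grant with
    // KEY appended lets the child roll its own SIG(0) key through dynamic
    // update. Uncomment one block only; a zone may carry a single
    // update-policy statement.
    //
    // update-policy {
    //     grant * selfsub * NS DS A AAAA KEY;
    // };
};
```

Run `named-checkconf` on the resulting `named.conf` before reloading; it rejects unknown rule types and type names. Note that with policy A a leaked child key can still rewrite that child's delegation, but the attacker cannot swap in a new KEY to lock the legitimate operator out, while under policy B the fallback to manual recovery depends entirely on the parent operator noticing the change.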
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
