Hi,
On 13/02/2026 13:07, Peter Thomassen via Datatracker wrote:
This message starts a dnsop WG Call for Adoption of:
draft-fobser-dnsop-dnssec-keyrestore-01
This Working Group Call for Adoption ends on 2026-02-27
Abstract:
This document describes the issues surrounding the handling of DNSSEC
private keys in a DNSSEC signer. It presents operational guidance in
case a DNSSEC private key becoming inoperable.
I am in favour of adoption.
Although HSM usage is prominently mentioned in the introduction, I
believe it can be diminished to just one example of private key absence.
Having a thought out informational document for this kind of procedure
could be very valuable when needed.
The current alternatives are tribal knowledge (if present) or going
insecure.
Best regards,
-- Yorgos
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
