Hi all,RFC 6781 defines two modes for algorithm rollover: the conservative
approach and the liberal approach.And the relevant description is given on page
29 of RFC 6781 as follows: However, there are implementations of validators
known to follow the more conservative approach. Performing a
Double-Signature KSK algorithm rollover will temporarily make your zone
appear as Bogus by such validators during the rollover. Therefore, the
rollover described in this section will explain the stages of deployment and
will assume that the conservative approach is used.Is this distinction still
necessary today, or is it possible to adopt the same approach as for ZSK/KSK
rollover?BR,Cathy
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
