On Thu, 16 Jun 2005 14:47:35 -0400 "Loomis, Rip" <[EMAIL PROTECTED]> wrote:
> <clueless *and* top-posting> > Okay, could you describe a situation where a KSK > rollover does *not* require replacement of trust > anchors? I must be missing something... > > </clueless *and* top-posting> > When a KSK is exclusivly used as a secure entry point by means of a DS pointing to it and when it is not configured to be used as a trust-anchor. You can never be sure that a KSK is not configured as a trunst anchor, anybody could have done so. Should we s/possibly/probably/ in the proposed text: Note that KSK rollovers and ZSK rollovers are different in the sense that a KSK rollover requires interaction with the parent (and possibly replacement of trust anchors) and the ensuing delay waiting for it. -- Olaf ---------------------------------| Olaf M. Kolkman ---------------------------------| RIPE NCC ---------------------------------| JID: olaf at jabber.secret-wg.org . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
