On Oct 7, 2009, at 2:44 PM, Eric Rescorla wrote:
From this perspective we might roll a ZSK more frequently than a
KSK because
the ZSK needs to be stored on-line to facilitate re-signing when
the zone
changes. With the KSK we have the option of keeping it off-line, and
arguably the risk
On Oct 7, 2009, at 9:23 AM, Olaf Kolkman wrote:
hope I can address a few of the issues before Yokohama.
s/Yokohama/Hiroshima/
Should I call my travel office? ;-)
--Olaf
Olaf M. KolkmanNLnet Labs
I already have posted a response to the original analysis by EKR,
which has much overlap with the comments sent to this list by Olaf.
Please see the original URL for the thread there, including
my reasoning about operational impact and human factors:
[from a namedroppers thread, re-pointed as per Olaf's suggestion below]
On 2009-10-07, at 09:23, Olaf Kolkman wrote:
On Oct 6, 2009, at 10:08 PM, Eric Rescorla wrote:
I don't have a general position on ZSKs--perhaps it's a good idea for
some other reason--but I don't
think that rolling the
Joe Abley wrote:
[from a namedroppers thread, re-pointed as per Olaf's suggestion below]
On 2009-10-07, at 09:23, Olaf Kolkman wrote:
On Oct 6, 2009, at 10:08 PM, Eric Rescorla wrote:
I don't have a general position on ZSKs--perhaps it's a good idea for
some other reason--but I don't
think
At 2:22 PM +0100 10/7/09, Joe Abley wrote:
From this perspective we might roll a ZSK more frequently than a KSK because
the ZSK needs to be stored on-line to facilitate re-signing when the zone
changes. With the KSK we have the option of keeping it off-line, and arguably
the risk of compromise
On Wed, Oct 7, 2009 at 6:22 AM, Joe Abley jab...@hopcount.ca wrote:
[from a namedroppers thread, re-pointed as per Olaf's suggestion below]
On 2009-10-07, at 09:23, Olaf Kolkman wrote:
On Oct 6, 2009, at 10:08 PM, Eric Rescorla wrote:
I don't have a general position on ZSKs--perhaps it's a
On 2009-10-07, at 16:25, Paul Hoffman wrote:
At 2:22 PM +0100 10/7/09, Joe Abley wrote:
From this perspective we might roll a ZSK more frequently than a
KSK because the ZSK needs to be stored on-line to facilitate re-
signing when the zone changes. With the KSK we have the option of
