On 8 Oct 2012, at 11:32, Will Hargrave wrote: > > On 8 Oct 2012, at 11:25, Brandon Butterworth <[email protected]> wrote: > >>> No - we just won't use DNSSEC! >> Just don't use Verisign. > > > All this hyperbole is smart and funny and all but that's not how software / > business method patents work... > > >
Surely you would just do a KSK rollover using the DS record from the new vendor. Then there is no need to transfer the key. For parents which don't support multiple KSKs this could be tricky, timing your RRSIG TTLs. However, for parents which support multiple KSKs there should be no problem. I think ;-) Scott Armitage
PGP.sig
Description: This is a digitally signed message part
