On Wed, 9 Sep 2009, Ondřej Surý wrote:
At first they had removed .PR key from ITAR and after that they had added new key - it didn't look like regular well planned rollover.
No, they first added the new key to their zone on Aug 19. Then they removed the old key from their zone on Sep 4. But even now, they are still refering to the old key themselves at some places, such as: http://dnssec.nic.pr/serverconf.php (Also their SSL negotiation on https://dnssec.nic.pr/ is still failing)
Also if .PR knew that their key is in DLV registry, that should exchange their key in DLV as well.
Yes. Anyone with a key in the DLV should make sure its updated before they remove the old key. I too believe that's a mistake from the PR people. Paul _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
