On Fri, Feb 12, 2010 at 02:28:41PM +0100, Olaf Kolkman wrote:
>
>
> In the particular case described in the columnm, RFC5011 methodology might
> not have worked; an old OS distribution carrying a stale key that is several
> generations old cannot be tracked using RFC5011 techniques. Wijngaards and
> Kolkman have been working on a proposal to fix that particular issue: "DNSSEC
> Trust Anchor History Service"
> (http://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history).
>
glad to see that work going forward. Manning and Yamaguchi are working
on
a similar set of techniques to deal with the unscheduled key rollover
issue
based in part on an expired draft that was an alternative to what
became RFC 5011.
i suspect that work is complimentary to either RFC 5011 or the -history
draft.
--bill
> -- Olaf Kolkman
> NLnet Labs
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
