[dnssec-deployment] Ny nyckelsigneringsnyckel (KSK) för .SE - New key signing key (KSK) for .SE
pawal at blipp.com
Thu Jan 3 11:16:21 EST 2008
On Thu, 03 Jan 2008, Holger Zuleger wrote:
>> New key signing key (KSK) for .SE
>> As from today, 2008-01-03 .SE publish and take into use a new KSK for
>> signing the .SE zone file. The key published with start 2006 with key
>> id = 17686 is unvalid since 2008-01-01 and will be removed
>> 2008-02-01. You should have configured the key published with start
> Would it be possible to set the REVOKE Bit on that key, and announce it for
> another 30 days?
There was no time to fix this for this rollover. Next time.
> Doing so enables a rfc5011 aware validator to discard the key automatically
> from the list of possible trust anchor.
Which resolvers honors the revocation bit? To my knowledge, no swedish
resolver operators are using such software yet.
patrik_wallstrom->foodfight->pawal at blipp.com->+46-733173956
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20080103/7ce26ea2/attachment.bin
More information about the Dnssec-deployment