[dnssec-deployment] new .gov key: test or production?
paul.hoffman at vpnc.org
Wed Jan 7 11:21:20 EST 2009
At 6:59 AM -0500 1/7/09, Scott Rose wrote:
>I noticed that yesterday too, I would consider it a test until an
>announcement is made. It might change unexpectedly (rollover tests, etc.)
TLDs doing this kind of testing is clearly related to the thread on TARs, particularly on "automatic updating" TARs. Given the nature of the deployed DNSSEC resolvers and trust anchors, rollovers that change keys without doing 5011-style updating could have a huge negative impact on a resolver that is using an old TAR.
--Paul Hoffman, Director
More information about the Dnssec-deployment