[Dnssec-deployment] [ENUM-NL] DNSSEC trust-anchor notice for 1.3.e164.arpa.

Marco Davids (SIDN) marco.davids at sidn.nl
Fri Jan 7 06:23:20 EST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[Apologies for any duplicate mails]

DNSSEC trust-anchor notice for 1.3.e164.arpa.

First and only notice!

To whom it may concern:

ENUM-zone 1.3.e164.arpa is signed with DNSSEC. Since no
trust-anchor has been published in the parent, the trust-anchor of this
zone was available via https://www.enum.nl/downloads/KSK-pub.txt.

This is to inform you that we have scheduled a key change, which will
render the current trust-anchor invalid.

If you have configured the 1.3.e164.arpa trust-anchor in your
validator(s), please remove it NOW or no later than January 11th 23:59 CET.

At the end of next week we will introduce a new key in the
1.3.e164.arpa-zone, which will have it's trust-anchor published in the
parent soon after.

Since we anticipate that only very few people have actually configured
the present trust-anchor (if any), we will *not* perform a full-blown
key roll-over. Instead we will simply remove the old key and introduce a
new one.

The new trust-anchor will not be published in an authenticated manner
outside DNS (for example on an SSL-protected web page as before),
because it will have it's DS record in the parent.

Thank you for your understanding.

With kind regards,

- -- 
Marco Davids
On behalf of ENUM NL
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0m94cACgkQXOb5yambhgnSGgCgpDvgMZ9Kd4cZs+g1oo8Y6ciI
XQAAnjWrNJtYY0WN7aAPxNYNsegYhaT4
=8eSF
-----END PGP SIGNATURE-----


More information about the Dnssec-deployment mailing list