[Dnssec-deployment] Root key rolling (was NIST guidance as to DNSSEC and others)
David Conrad
drc at virtualized.org
Mon Feb 6 15:23:34 EST 2012
On Feb 6, 2012, at 11:35 AM, Steve Crocker wrote:
> Conflating emergency, disruptive key changes with planned, non-disruptive key rolls seems like a substantial mistake to me.
Not to be a broken record, but given the implications of a root key compromise/loss, I feel any root key roll (scheduled or not) should be treated as an exceptional event. Every root key roll has the potential to be extremely disruptive. The idea that we would use root key rolls as a means to test DNS servers seems ... questionable to me.
Regards,
-drc
More information about the Dnssec-deployment
mailing list