[Dnssec-deployment] Root key rolling (was NIST guidance as to DNSSEC and others)
dougb at dougbarton.us
Tue Feb 7 21:20:35 EST 2012
On 02/06/2012 21:51, Joe Abley wrote:
> In every case where I was present that was received as an adequate
> answer. Which is not to say there were not people who were strong
> proponents of rolling the key early and often in order to exercise
> the machinery, but there were no objections voiced to me about the
> actual plan as described above, and no counter-proposals received.
Actually I'm pretty sure that "roll it a few times in the first year of
deployment" WAS the counter-proposal. :) It's unfortunate that this
didn't happen at the time, but now (IMO) it's too late.
It's always a long day; 86400 doesn't fit into a short.
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the Dnssec-deployment