IETF Logo Mail Archive

Re: [dnsext] historal root keys for upgrade path?

Jakob Schlyter <jakob@kirei.se> Wed, 02 February 2011 09:34 UTC

Return-Path: <jakob@kirei.se>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AF7893A7147 for <dnsext@core3.amsl.com>; Wed, 2 Feb 2011 01:34:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.199
X-Spam-Level:
X-Spam-Status: No, score=-2.199 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P+-UBSQWOVuQ for <dnsext@core3.amsl.com>; Wed, 2 Feb 2011 01:34:25 -0800 (PST)
Received: from spg.kirei.se (gomi.kirei.se [91.206.174.9]) by core3.amsl.com (Postfix) with ESMTP id DE2923A7146 for <dnsext@ietf.org>; Wed, 2 Feb 2011 01:34:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kirei.se; s=spg20100524; h=received:subject:mime-version:content-type:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to:x-mailer; bh=MWZugShCrjM25o7HnSrDspnOUNwnX9ejiDKMW+JOpGA=; b=zJbRmtAQt9KPyZkZALP6kgC5//MWZLxOudkaXmK8ZVJwT/7bIhP1BFoDrkbsfURAMyD52rN/0zBZV 59ySQAs8oO5GQp9JvljtFajsewDUNyFvFATt8obgH6t09Fz6g+KdJaNvr2xrLYDvaGegvn5nbvBna9 dfTtlhtWP+5Anqoo=
Received: from mail.kirei.se (unknown [91.206.174.10]) by spg.kirei.se (Halon Mail Gateway) with ESMTPS; Wed, 2 Feb 2011 10:37:41 +0100 (CET)
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: Jakob Schlyter <jakob@kirei.se>
In-Reply-To: <AANLkTi=BtqV3XF-yXhDBNd7hPCbJCWKuS-WsO=_nf6g3@mail.gmail.com>
Date: Wed, 02 Feb 2011 10:37:38 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <EC6DC378-D10D-45FC-B9FB-8D43A780A9EC@kirei.se>
References: <alpine.LFD.1.10.1101251250040.30991@newtla.xelerance.com> <17A80F45-52CB-43F6-BD4A-3488821F6933@hopcount.ca> <3A1DEE95-8C8E-4C89-97EB-6D8F799ADE25@virtualized.org> <583A62B0-0DBF-469A-AF8A-B81DEDD1E7E2@dotat.at> <86B1D38A-C274-4335-B30E-3C5C0DF05C38@hopcount.ca> <4D45DE93.9090508@vpnc.org> <AANLkTinbjRebooyqWMpZ2oTudruoDSGqgaXXr35WPYVH@mail.gmail.com> <AANLkTikiqe2K4S-dNsyQZ-xp71J4bM11SsahwpxfDKCX@mail.gmail.com> <4C747F08-A9E8-46E6-AE76-0A999A16D276@hopcount.ca> <AANLkTinOtx88vK3mz-w=uw1CnsKwm=c-nTDOsj=5JAPY@mail.gmail.com> <B4F822D3-F4D6-4657-B299-075B89B5CC86@hopcount.ca> <AANLkTi=BtqV3XF-yXhDBNd7hPCbJCWKuS-WsO=_nf6g3@mail.gmail.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
X-Mailer: Apple Mail (2.1082)
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dnsext@ietf.org
Subject: Re: [dnsext] historal root keys for upgrade path?
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Feb 2011 09:34:26 -0000

On 31 jan 2011, at 20.37, Phillip Hallam-Baker wrote:

> I know that it is fashionable to roll keys every so often. But in the case of a root key it causes more problems than it solves. 

I could not agree with you more - vanity key rollovers are not useful.

	jakob

v2.23.0 | Report a Bug | By Email