IETF Logo Mail Archive

Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)

Olaf Kolkman <olaf@NLnetLabs.nl> Wed, 07 October 2009 09:31 UTC

Return-Path: <olaf@NLnetLabs.nl>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A1ADE3A6A4F for <dnsop@core3.amsl.com>; Wed, 7 Oct 2009 02:31:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.528
X-Spam-Level:
X-Spam-Status: No, score=-2.528 tagged_above=-999 required=5 tests=[AWL=0.072, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J8u5AXaCtAEx for <dnsop@core3.amsl.com>; Wed, 7 Oct 2009 02:31:41 -0700 (PDT)
Received: from open.nlnetlabs.nl (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]) by core3.amsl.com (Postfix) with ESMTP id 37FE33A698E for <dnsop@ietf.org>; Wed, 7 Oct 2009 02:31:41 -0700 (PDT)
Received: from [IPv6:2001:67c:64:42:226:bbff:fe0e:7cc7] ([IPv6:2001:67c:64:42:226:bbff:fe0e:7cc7]) (authenticated bits=0) by open.nlnetlabs.nl (8.14.3/8.14.3) with ESMTP id n979XFLM051735 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Wed, 7 Oct 2009 11:33:16 +0200 (CEST) (envelope-from olaf@NLnetLabs.nl)
Mime-Version: 1.0 (Apple Message framework v1076)
Content-Type: multipart/signed; boundary="Apple-Mail-16--424595061"; protocol="application/pkcs7-signature"; micalg="sha1"
From: Olaf Kolkman <olaf@NLnetLabs.nl>
In-Reply-To: <FB20C78E-3A72-409C-8406-2B8A00923783@NLnetLabs.nl>
Date: Wed, 07 Oct 2009 10:33:15 +0100
Message-Id: <327852D7-C702-4E05-B954-25F66D8DFFE6@NLnetLabs.nl>
References: <1C586E51-D77C-406C-9B89-47276A9B41B2@ICSI.Berkeley.EDU> <p06240812c6f160ac1fb2@10.20.30.158> <d3aa5d00910061408y191bf863p48a6ec703553b67e@mail.gmail.com> <FB20C78E-3A72-409C-8406-2B8A00923783@NLnetLabs.nl>
To: Olaf Kolkman <olaf@NLnetLabs.nl>
X-Mailer: Apple Mail (2.1076)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.3 (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::53]); Wed, 07 Oct 2009 11:33:17 +0200 (CEST)
Cc: "namedroppers@ops.ietf.org WG" <namedroppers@ops.ietf.org>, Eric Rescorla <ekr@rtfm.com>, Nicholas Weaver <nweaver@icsi.berkeley.edu>, dnsop@ietf.org, Paul Hoffman <paul.hoffman@vpnc.org>
Subject: Re: [DNSOP] [dnsext] Why ZSK rollover is a Bad Idea (tm)
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Oct 2009 09:31:42 -0000

On Oct 7, 2009, at 9:23 AM, Olaf Kolkman wrote:

>  hope I can address a few of the issues before Yokohama.

s/Yokohama/Hiroshima/

Should I call my travel office? ;-)

--Olaf






________________________________________________________

Olaf M. Kolkman                        NLnet Labs
                                        Science Park 140,
http://www.nlnetlabs.nl/               1098 XG Amsterdam

v2.45.0 | Report a Bug | By Email | System Status