IETF Logo Mail Archive

[DNSOP] KSK rollover

"George Barwood" <george.barwood@blueyonder.co.uk> Thu, 13 May 2010 07:56 UTC

Return-Path: <george.barwood@blueyonder.co.uk>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AEE083A68C3 for <dnsop@core3.amsl.com>; Thu, 13 May 2010 00:56:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 4.694
X-Spam-Level: ****
X-Spam-Status: No, score=4.694 tagged_above=-999 required=5 tests=[AWL=1.499, BAYES_50=0.001, HELO_EQ_BLUEYON=1.4, MIME_BASE64_BLANKS=0.041, MIME_BASE64_TEXT=1.753]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FROMFs0DRIF2 for <dnsop@core3.amsl.com>; Thu, 13 May 2010 00:56:16 -0700 (PDT)
Received: from smtp-out5.blueyonder.co.uk (smtp-out5.blueyonder.co.uk [195.188.213.8]) by core3.amsl.com (Postfix) with ESMTP id 6C12E3A6ABB for <dnsop@ietf.org>; Thu, 13 May 2010 00:56:16 -0700 (PDT)
Received: from [172.23.170.139] (helo=anti-virus01-10) by smtp-out5.blueyonder.co.uk with smtp (Exim 4.52) id 1OCTH3-0007Mc-Qf for dnsop@ietf.org; Thu, 13 May 2010 08:56:05 +0100
Received: from [92.238.99.235] (helo=GeorgeLaptop) by asmtp-out1.blueyonder.co.uk with esmtpa (Exim 4.52) id 1OCTH2-000556-MX for dnsop@ietf.org; Thu, 13 May 2010 08:56:04 +0100
Message-ID: <A865F793EED745D2B5F15A33F9467EEA@local>
From: George Barwood <george.barwood@blueyonder.co.uk>
To: dnsop@ietf.org
Date: Thu, 13 May 2010 08:56:03 +0100
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5931
Subject: [DNSOP] KSK rollover
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2010 07:56:17 -0000

I have been thinking about KSK rollover in my DNSSEC implementation, and it seems
that there is currently no  specification for KSK rollover within the DNSSEC protocol.

There is this expired requirements draft

http://tools.ietf.org/wg/dnsop/draft-ietf-dnsop-key-rollover-requirements/

but that's all I found.

Have I missed something? It seems to me that this is a rather vital component if
DNSSEC is to be widely deployed.

Are there any plans to revive and/or implement these requirements?

George Barwood

v2.23.0 | Report a Bug | By Email