Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: sentinel and timing?
Ray Bellis <ray@bellis.me.uk> Thu, 08 February 2018 14:43 UTC
Return-Path: <ray@bellis.me.uk>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4457412D957 for <dnsop@ietfa.amsl.com>; Thu, 8 Feb 2018 06:43:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.452
X-Spam-Level:
X-Spam-Status: No, score=-0.452 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r9oSq0JSzPQW for <dnsop@ietfa.amsl.com>; Thu, 8 Feb 2018 06:43:16 -0800 (PST)
Received: from hydrogen.portfast.net (hydrogen.portfast.net [188.246.200.2]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A030127058 for <dnsop@ietf.org>; Thu, 8 Feb 2018 06:43:16 -0800 (PST)
Received: from [88.212.170.147] (port=63671 helo=rays-mbp.local) by hydrogen.portfast.net ([188.246.200.2]:465) with esmtpsa (fixed_plain:ray@bellis.me.uk) (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) id 1ejnPt-0007Om-CJ (Exim 4.72) for dnsop@ietf.org (return-path <ray@bellis.me.uk>); Thu, 08 Feb 2018 14:43:13 +0000
To: dnsop@ietf.org
References: <564E7616-6B47-48E2-B3DC-68A22032F441@icann.org>
From: Ray Bellis <ray@bellis.me.uk>
Message-ID: <f451f2da-f68c-60ab-8633-7388c7d88b7c@bellis.me.uk>
Date: Thu, 08 Feb 2018 14:43:14 +0000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <564E7616-6B47-48E2-B3DC-68A22032F441@icann.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/YXOLrYWAdHRZYsPk87TXZw0zxgg>
Subject: Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: sentinel and timing?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2018 14:43:18 -0000
On 08/02/2018 14:18, Edward Lewis wrote: > I am not saying this theory has been put to the test, but it is > compelling. This hypothesis is in the ICANN deck on the KSK rollover > used throughout 2017 (until the postponement). Another hypothesis is configurations where the directory in which BIND is looking for its files is not writable, preventing saving of the updated keys. Some O/S vendors do ship their BIND packages configured this way by default :( Ray
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … sthaug
- [DNSOP] Why new code/old keys? Re: [Ext] Re: sent… Edward Lewis
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … Ray Bellis
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … Joe Abley
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … Matt Larson
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … Paul Vixie
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … sthaug
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … Paul Vixie
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … Matt Larson
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … Paul Vixie
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … Mukund Sivaraman
- Re: [DNSOP] Why new code/old keys? Re: [Ext] Re: … Mark Andrews