Re: [DNSOP] KSK rollover
Patrik Wallstrom <pawal@blipp.com> Thu, 13 May 2010 08:08 UTC
Return-Path: <pawal@blipp.com>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 39F8D3A6B8C for <dnsop@core3.amsl.com>; Thu, 13 May 2010 01:08:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.741
X-Spam-Level:
X-Spam-Status: No, score=-0.741 tagged_above=-999 required=5 tests=[BAYES_20=-0.74, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7GheTOnEYYmy for <dnsop@core3.amsl.com>; Thu, 13 May 2010 01:08:37 -0700 (PDT)
Received: from vic20.blipp.com (cl-682.sto-01.se.sixxs.net [IPv6:2001:16d8:ff00:2a9::2]) by core3.amsl.com (Postfix) with ESMTP id 94CDC3A6B7E for <dnsop@ietf.org>; Thu, 13 May 2010 01:06:59 -0700 (PDT)
Received: from [IPv6:2001:16d8:cc4f:1001:21f:5bff:fec4:a415] (unknown [IPv6:2001:16d8:cc4f:1001:21f:5bff:fec4:a415]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client did not present a certificate) by vic20.blipp.com (Postfix) with ESMTPSA id 77939385BF; Thu, 13 May 2010 10:06:47 +0200 (CEST)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset="us-ascii"
From: Patrik Wallstrom <pawal@blipp.com>
X-Priority: 3
In-Reply-To: <A865F793EED745D2B5F15A33F9467EEA@local>
Date: Thu, 13 May 2010 10:06:46 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <A8C3C484-690B-49BB-91BC-33C339A29025@blipp.com>
References: <A865F793EED745D2B5F15A33F9467EEA@local>
To: George Barwood <george.barwood@blueyonder.co.uk>
X-Mailer: Apple Mail (2.1078)
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] KSK rollover
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2010 08:08:38 -0000
On May 13, 2010, at 9:56 AM, George Barwood wrote: > I have been thinking about KSK rollover in my DNSSEC implementation, and it seems > that there is currently no specification for KSK rollover within the DNSSEC protocol. > > There is this expired requirements draft > > http://tools.ietf.org/wg/dnsop/draft-ietf-dnsop-key-rollover-requirements/ > > but that's all I found. > > Have I missed something? It seems to me that this is a rather vital component if > DNSSEC is to be widely deployed. > > Are there any plans to revive and/or implement these requirements? You probably want to read the Key Timing Considerations draft: http://tools.ietf.org/html/draft-morris-dnsop-dnssec-key-timing-02
- [DNSOP] KSK rollover George Barwood
- Re: [DNSOP] KSK rollover Patrik Wallstrom
- Re: [DNSOP] KSK rollover George Barwood
- Re: [DNSOP] KSK rollover Evan Hunt
- Re: [DNSOP] KSK rollover Edward Lewis
- Re: [DNSOP] KSK rollover Mark Andrews
- Re: [DNSOP] KSK rollover Joe Abley
- Re: [DNSOP] KSK rollover Joe Abley
- Re: [DNSOP] KSK rollover Mark Andrews
- Re: [DNSOP] KSK rollover Joe Abley
- Re: [DNSOP] KSK rollover Mark Andrews
- Re: [DNSOP] KSK rollover George Barwood
- Re: [DNSOP] KSK rollover Chris Thompson
- Re: [DNSOP] KSK rollover George Barwood