> given that their respective administrators have
> declared an intention to follow RFC 5011 if they ever roll over their
> KSKs.

As you say "if they ever roll"; I'm not placing any money on that. ;-)

> I could of course set up such a test zone and try to perform an RFC 5011
> rollover on it, using dnssec-revoke and/or the -R option of dnssec-settime,
> meanwhile tracking it on another system via a managed-keys entry, but then
> if it all went pear-shaped it might not be clear whether I had performed
> the rollover correctly or not.

I would gladly participate in such a test, if you need me. 

        -JP

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users