In message <4aae607e.9020...@nic.pr>, Technical Support writes: > Hi Everyone, > > We're sorry for all the inconvenience this issue has caused. Regarding > the rollover procedure, we did follow it by using a double signature in > the rollover phase. The new keys are posted at > http://dnssec.nic.pr/trust_keys.php instead of > "http://dnssec.nic.pr/serverconf.php"; as listed in one of the posts. > Also, an email was sent to our mailing list. Even though we didn't > upload the new keys in a timely manner and the maintenance key rollover > script removed the old keys from the zones, our rollover didn't last 2 > days.
It effectively lasted 2 day for ITAR users. The new key was added on the 1st and the old key removed on the 3rd. The total rollover was 16 days. > We are looking forward to avoid such issues in the future. Once > again sorry for this misunderstanding and any feedback is welcome. > > > Cheers, > > > _______________________ > Technical Staff > .prTLD > 787.372.3804 - 787.689.5868 > > > > > Mark Andrews wrote: > > In message <a06240802c6d0c8835...@[192.168.1.102]>, Edward Lewis writes: > > > >> Ok, I've about had it with the tone of this thread. > >> > >> At 12:17 +1000 9/12/09, Mark Andrews wrote: > >> > >> > >>> Actually there is blame all round. > >>> > >> I think this is uncalled for and is detrimental to the list. > >> > > > > Did all the other users of ITAR successfully follow this key rollover? > > Did all the other users of ITAR fail to follow this key rollover? > > Would they admit it if they did? > > > > I know I took several days to update my trusted-key clause for PR > > in my named.conf's. They are all updated manually. If I wasn't > > asking PR directly, by doing DNSKEY queries, but instead used ITAR's > > collection I would have not followed the key rollover. > > > > PR should have updated ITAR immediately. They didn't. PR should > > have taken their delay into account before removing the old key. > > They didn't. 2 days was not reasonable when every other key rollover > > took ~1 month. > > > > ITAR should be providing guidance on how often to poll. They didn't. > > No TAR can be reliable without this guidance because nobody can > > know what to expect. > > > > PR rolled keys faster than any other TLD has ever rolled keys in > > the past once they went operational (GOV rolled sub 24 while testing). > > PR rolled keys much faster than the recommended timings in RFC 5011. > > Weekly polling was quite reasonable based on RFC 5011 and historic > > TLD key rollover periods. > > > > Mark > > > > > >> -- > >> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > - > >> Edward Lewis > >> NeuStar You can leave a voice message at +1-571-434-546 > 8 > >> > >> As with IPv6, the problem with the deployment of frictionless surfaces is > >> that they're not getting traction. > >> > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
