I have been thinking about KSK rollover in my DNSSEC implementation, and it seems that there is currently no specification for KSK rollover within the DNSSEC protocol.
There is this expired requirements draft http://tools.ietf.org/wg/dnsop/draft-ietf-dnsop-key-rollover-requirements/ but that's all I found. Have I missed something? It seems to me that this is a rather vital component if DNSSEC is to be widely deployed. Are there any plans to revive and/or implement these requirements? George Barwood _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop