On 4 Apr 2013, at 21:46, Joe Abley <jab...@hopcount.ca> wrote:

> I think we need a two-pronged approach to this problem space:
>
> 1. Use 5011 or some similar mechanism to accommodate key rollovers (for
> devices that are turned on often enough to be able to do that)
>
> 2. Carefully specify bootstrapping behaviour so that any cold-start of a
> long-dormant validator can be handled in some sane way.

+1

An enumeration of the solutions of this problem space doesn't need to be done before the first live root zone key rollover.* IMO, there's little that could break and if there was any collateral damage it would happen in places where there's enough clue to put things right.

*Did anything significant break when the rollover from the DURZ key happened? OK, that was moving from a state where nothing validated to where things did validate, but still...

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop