Ultra frequent key rolls are not necessary. It takes years the latest releases of name servers to make it into shipping OS’s. The last KSK worked so well in part because there was a large amount of time between publishing the new KSK and using the new KSK. This allowed name server vendors to publish releases with the new KSK and for those release to make it into some OS releases.
> On 30 Oct 2018, at 10:05 pm, Tony Finch <d...@dotat.at> wrote: > > Steve Crocker <st...@shinkuro.com> wrote: > >> I had advocated early and frequent rollovers for precisely the reason: keep >> doing it until it’s easy, so we’re in strong agreement. > > Yes, I would like to see annual rollovers. Keep that hinge greased :-) > > Tony. > -- > f.anthony.n.finch <d...@dotat.at> http://dotat.at/ > Shannon, Rockall: Cyclonic becoming west 5 to 7. Rough or very rough. Rain or > showers. Good, occasionally > poor._______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
