Mark, but would regular rolls not put vendors into a 'habit' of getting updates onto their package managers?
el On 2018-10-30 23:31 , Mark Andrews wrote: > Ultra frequent key rolls are not necessary. It takes years the latest > releases of name servers to make it into shipping OS’s. The last KSK > worked so well in part because there was a large amount of time > between publishing the new KSK and using the new KSK. This allowed > name server vendors to publish releases with the new KSK and for those > release to make it into some OS releases. > >> On 30 Oct 2018, at 10:05 pm, Tony Finch <d...@dotat.at> wrote: >> >> Steve Crocker <st...@shinkuro.com> wrote: >> >>> I had advocated early and frequent rollovers for precisely the >>> reason: keep doing it until it’s easy, so we’re in strong agreement. >> >> Yes, I would like to see annual rollovers. Keep that hinge greased >> :-) >> >> Tony. -- Dr. Eberhard W. Lisse / Obstetrician & Gynaecologist (Saar) e...@lisse.na / * | Telephone: +264 81 124 6733 (cell) PO Box 8421 / Bachbrecht, Namibia ;____/ _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
