On 24 Jan 2012, at 23:44, Rick van Rein wrote: > Once again, > the infrastructure exists to update a KSK if need be, and > a knowledgeable resolver operator could stop accepting > keys if RSA is broken tomorrow. >
At the moment it often isn't the easiest of processes to get a KSK changed for some TLDs (depending upon your registrar). It took me a couple of days (including explaining to the first line support what DNSSEC was) to get my DS Record into the .eu parent zone. Who knows how quickly I could get a key rolled. I've yet to find a registrar for .co.uk who will even let you put DS records into .co.uk (Despite Nominet providing them with the interfaces). Scott
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
