I have been thinking about KSK rollover in my DNSSEC implementation, and it seems
that there is currently no specification for KSK rollover within the DNSSEC protocol.
There is this expired requirements draft
http://tools.ietf.org/wg/dnsop/draft-ietf-dnsop-key-rollover-requirements/
but
On May 13, 2010, at 9:56 AM, George Barwood wrote:
I have been thinking about KSK rollover in my DNSSEC implementation, and it seems
that there is currently no specification for KSK rollover within the DNSSEC protocol.
There is this expired requirements draft
- Original Message -
From: Patrik Wallstrom pa...@blipp.com
To: George Barwood george.barw...@blueyonder.co.uk
Cc: dnsop@ietf.org
Sent: Thursday, May 13, 2010 9:06 AM
Subject: Re: [DNSOP] KSK rollover
On May 13, 2010, at 9:56 AM, George Barwood wrote:
I have been thinking about KSK
That is certainly relevant to rollover, but it doesn't specify any means
by which the new DS records can be placed in the parent zone.
You're correct, there's no mechanism for doing this within the DNS. You
need to update DS records through your registrar just as you do with NS
records and
At 17:37 +0100 5/13/10, George Barwood wrote:
I'm somewhat puzzled that there is no specification, and apparently no
activity on this.
http://www.ripe.net/ripe/meetings/ripe-59/presentations/lewis-dnssec.pdf
There's activity. There's no standard underway because of the plethora of
In message 44c21cd9ee514b039eafeafa707a2...@local, George Barwood writes:
- Original Message -
From: Patrik Wallstrom pa...@blipp.com
To: George Barwood george.barw...@blueyonder.co.uk
Cc: dnsop@ietf.org
Sent: Thursday, May 13, 2010 9:06 AM
Subject: Re: [DNSOP] KSK rollover
On 2010-05-13, at 19:33, Mark Andrews wrote:
There are lots of ways to do this.
* Use UPDATE to update the delegation records in the parent.
This would work today; it only requires a willingness to do so.
This can be done securely (TSIG) and will scale.
On 2010-05-13, at 22:13, Joe Abley wrote:
... and there's also the approach that is actually being implemented, which
is described in RFC 4310.
Or 5910, since that seems to exist now. :-)
Internet Engineering Task Force (IETF) J. Gould
Request for Comments: 5910
In message 74ae2b2b-a09a-4fbf-b6c3-7eebe89ca...@hopcount.ca, Joe Abley writes:
On 2010-05-13, at 19:33, Mark Andrews wrote:
There are lots of ways to do this.
* Use UPDATE to update the delegation records in the parent.
This would work today; it only requires a willingness