[dns-operations] roll over

Edward Lewis Ed.Lewis at neustar.biz
Tue Jul 11 13:16:56 UTC 2006


At 11:50 AM -1000 7/10/06, Randy Bush wrote:

>if it is going to be operational and official, might it not be
>a good idea to understand how key rollover will be done?

There are two kinds of roll over.  One is simple key change and is 
described in a document sitting in the RFC-Editor Pub Queue.  I.e., 
the IETF is done with it, but it hasn't been sent to the printers yet.

http://www.ietf.org/internet-drafts/draft-ietf-dnsop-dnssec-operational-practices-08.txt

The other kind of roll over is trust anchor.  There is a draft of 
requirements for that here (not vetted yet):

http://www.ietf.org/internet-drafts/draft-ietf-dnsext-rollover-requirements-02.txt

And there are these approaches:

http://www.ietf.org/internet-drafts/draft-ietf-dnsext-trustupdate-timers-02.txt
http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-trustupdate-threshold/draft-ietf-dnsext-trustupdate-threshold-01.txt

The latter is an expired document.

Trust Anchor Roll Over is a topic for the in-person meeting of the 
IETF DNSEXT WG later this day.

Comments are welcome. You don't have to be there in person; you can 
send things to the namedroppers at ops.ietf.org mail list, or to the 
editors.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Soccer/Futbol. IPv6.  Both have lots of 1's and 0's and have a hard time
catching on in North America.