[dns-operations] roll over
Edward Lewis
Ed.Lewis at neustar.biz
Tue Jul 11 13:16:56 UTC 2006
At 11:50 AM -1000 7/10/06, Randy Bush wrote:
>if it is going to be operational and official, might it not be
>a good idea to understand how key rollover will be done?
There are two kinds of roll over. One is simple key change and is
described in a document sitting in the RFC-Editor Pub Queue. I.e.,
the IETF is done with it, but it hasn't been sent to the printers yet.
http://www.ietf.org/internet-drafts/draft-ietf-dnsop-dnssec-operational-practices-08.txt
The other kind of roll over is trust anchor. There is a draft of
requirements for that here (not vetted yet):
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-rollover-requirements-02.txt
And there are these approaches:
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-trustupdate-timers-02.txt
http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-trustupdate-threshold/draft-ietf-dnsext-trustupdate-threshold-01.txt
The latter is an expired document.
Trust Anchor Roll Over is a topic for the in-person meeting of the
IETF DNSEXT WG later this day.
Comments are welcome, you don't have to be there in person, you can
send things to the namedroppers at ops.ietf.org mail list, or to the
editors.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Soccer/Futbol. IPv6. Both have lots of 1's and 0's and have a hard time
catching on in North America.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20060711/301d1004/attachment.html>
More information about the dns-operations
mailing list