[dns-operations] 答复: What's are the KSR and SKR userd for in KSK rollover?

Wessels, Duane dwessels at verisign.com
Fri Apr 6 15:01:34 UTC 2018


Davey,

Yes, the KSR and SKR are transmitted over TLS with client authentication.

DW


> On Apr 5, 2018, at 9:52 PM, Davey Song(宋林健) <ljsong at biigroup.cn> wrote:
> 
> Thanks Wessels.  
>  
> Another questions: The xml file are transmitted by a certain secure mechanism right ? Otherwise it will block the process by the Middle man attack.
>  
> Davey
>  
> 发件人: Wessels, Duane [mailto:dwessels at verisign.com] 
> 发送时间: 2018年4月6日 10:14
> 收件人: Davey Song(宋林健) 
> 抄送: dns-operations
> 主题: Re: [dns-operations] What's are the KSR and SKR userd for in KSK rollover?
>  
> Davey, 
>  
> These are XML documents that convey public key and signature data. 
>  
> The KSR is how the ZSK operator says “please sign these key sets for me” and the SKR is how the KSK operator says “okay, here’s your signatures for them.”
> 
> DW
> 
> On Apr 5, 2018, at 6:52 PM, Davey Song(宋林健) <ljsong at biigroup.cn> wrote:
> 
>> Hi folks, 
>>  
>> When I read the ICANN’s KSK rollover implementation plan, in Key signing ceremony there is a process called KSR (Key Signing Request) and SKR (Signing Key Response). I’m not sure what are they used for? Are they a formal process and memo to record the activities in the ceremony? 
>>  
>> Thanks in advance.
>>  
>> Best regards,
>> Davey
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> dns-operations mailing list
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>> 





More information about the dns-operations mailing list