[dns-operations] .ARPA Zone DNSSEC Operational Update -- ZSK length change
Arsen STASIC
arsen.stasic at univie.ac.at
Thu Jul 11 07:35:22 UTC 2019
Hi Duane,
why are you going to increase .NET KSK just to 1280 bits and not
to 2048 bits as in .ARPA?
cheers
-arsen
* Wessels, Duane <dwessels at verisign.com> [2019-07-10 02:12 (+0000)]:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>
>All,
>
>Verisign is in the process of increasing the size and strength of
>the DNSSEC Zone Signing Keys (ZSKs) for the top-level domains that
>it operates. As part of this process, the ZSK for the .ARPA zone
>will be increased in size from 1024 to 2048 bits.
>
>On July 11, 2019 the 2048 bit ZSK will be pre-published in the .ARPA
>zone. On July 21, the .ARPA zone will be signed with the 2048 bit
>ZSK. On August 10, the 1024 bit ZSK will be removed from the zone.
>
>We do not anticipate any problems from this upgrade. In accordance
>with our normal operating procedures we have a rollback process
>should it become necessary to revert to the 1024 bit ZSK.
>
>DW
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v2.0.22 (GNU/Linux)
>
>iQEcBAEBCAAGBQJdJQifAAoJEGyZpGmowJiNxjcH/3a+ox9KyGAT5vnrcxfEYYIQ
>X2iQ0dSEBCv9JPNwTnKkV2U2xzG3uZb6LHjq9tihtA4M04IaMvlLnZMUFUyGgzrl
>ACvn6j9qCE0q7sgDGo/RNWXBsAd58mKgBVMMRCBR6AklDHVA+grEH2CwDwP0eGYZ
>8dy6Cf94jqXqiVDQIxoK31YhYFqNVRhZE4f72V+6lh1fg4GrsfXKeErYwQooxdYT
>91H9TmffWmEpG+eYdgWMOPPS+nsrDr/MAuSVD0t5hT8H/HrCo45MNxxskmwLg0Ni
>QAHgy5Ao2jgJj6MkzZdwjldM8mn5YzMegiHUF9R5W5TRlnNm7uGTU32Irzu7b/8=
>=lJK6
>-----END PGP SIGNATURE-----
>
More information about the dns-operations
mailing list