[dns-operations] .FI going insecure for two weeks (!)
Steve Crocker
steve at shinkuro.com
Tue Dec 17 20:12:08 UTC 2024
Why are they not doing a regular rollover so there is NO break in the
verification chain?
Steve
On Tue, Dec 17, 2024 at 3:10 PM Paul Wouters <paul at nohats.ca> wrote:
>
> .fi customers got a note with:
>
> Traficom changes the DNSSEC implementation used for .fi domain
> names by
> changing the .FI signature algorithm. This change makes the domain
> name
> system (DNS) more reliable and ensures the continued compatibility
> of
> the DNSSEC implementation. Because of the change, .FI DS records
> will
> be removed from the root zone. This will break the verification
> chain,
> and DNSSEC will not be available to .fi domain names approximately
> from
> 17 April 2025 to 30 April 2025.
>
> If anyone has some influence there and could perhaps convince them
> to reduce "weeks" to "hours", I think that would be a very healthy
> improvement of their process.
>
> Paul
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
--
Sent by a Verified
[image: Sent by a Verified sender]
<https://wallet.unumid.co/authenticate?referralCode=tcp16fM4W47y>
sender
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20241217/3e43e1d8/attachment.html>
More information about the dns-operations
mailing list