<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">I reached out to someone in Finland who may have added insights and connections to Traficom. I encourage others to do so as well who have connections.<div><br></div><div>Would be useful to hear added details from Traficom.</div><div><br></div><div>- merike<br><div><br><div>On Dec 17, 2024, at 12:51 PM, Shumon Huque <shuque@gmail.com> wrote:</div><br class="Apple-interchange-newline"><div><div dir="ltr"><div>We probably need to know some more details about what exactly is changing.</div><div>Do we have any contacts at .FI that can provide them?</div><div><br></div><div>If they are not changing platforms and simply moving to a new algorithm,</div><div>then yes, they should be able to do a regular algorithm rollover.</div><div><br></div><div>If they are also moving to a new provider/platform as part of the algorithm</div><div>change, then the situation may be more complicated. They'd need to do</div><div>an algorithm rollover and a multi-signer transition to not break the validation</div><div>chain (with present protocol rules) -- and the involved parties would need to</div><div>support the features needed to do that.</div><div><br></div><div>Shumon.<br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Tue, Dec 17, 2024 at 3:16 PM Steve Crocker <<a href="mailto:steve@shinkuro.com">steve@shinkuro.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div style="font-family: arial, sans-serif; font-size: small;">Why are they not doing a regular rollover so there is NO break in the verification chain?</div><div style="font-family: arial, sans-serif; font-size: small;"><br></div><div style="font-family: arial, sans-serif; font-size: small;">Steve</div><div style="font-family: arial, sans-serif; font-size: small;"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Dec 17, 2024 at 3:10 PM Paul Wouters <<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
.fi customers got a note with:<br>
<br>
Traficom changes the DNSSEC implementation used for .fi domain names by<br>
changing the .FI signature algorithm. This change makes the domain name<br>
system (DNS) more reliable and ensures the continued compatibility of<br>
the DNSSEC implementation. Because of the change, .FI DS records will<br>
be removed from the root zone. This will break the verification chain,<br>
and DNSSEC will not be available to .fi domain names approximately from<br>
17 April 2025 to 30 April 2025.<br>
<br>
If anyone has some influence there and could perhaps convince them<br>
to reduce "weeks" to "hours", I think that would be a very healthy<br>
improvement of their process.<br>
<br>
Paul<br>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
</blockquote></div><div><br clear="all"></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div style="display:none">Sent by a Verified</div>
<div style="display:block">
<a href="https://wallet.unumid.co/authenticate?referralCode=tcp16fM4W47y" target="_blank">
<img width="100" height="24.4" alt="Sent by a Verified sender">
</a>
</div>
<div style="display:none">sender</div></div>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
</blockquote></div></div>
_______________________________________________<br>dns-operations mailing list<br>dns-operations@lists.dns-oarc.net<br>https://lists.dns-oarc.net/mailman/listinfo/dns-operations<br></div></div><br></div></body></html>