[org-algorithm-roll] Friday Update 2020-10-09

[Howard Eland]

All,

Here’s this week's update on algorithm roll for .ORG:

The old algorithm 7 KSK record has been removed from the DNSKEY RRSet
.The DNSKEY RRSet is no longer signed by the algorithm 7 KSK.
.
Referring to Figure 8 in RFC 6781 <https://tools.ietf.org/html/rfc6781#section-4.1.4>, .ORG was moved from “new DS” to “DNSKEY Removal” on Thursday, Oct 08 2020, and we are holding down.

We have noticed that the ZSK-based signature on the DNSKEY RRSet has re-emerged - we will address that next week, before the next zone re-sign.

Next week, we will remove the old algorithm 7 ZSK (and that spurious RRSIG).  The following week, we will complete the algorithm roll with the removal of the algorithm 7 based zone signatures.

Have a great weekend!

Best,
-Howard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/org-algorithm-roll/attachments/20201009/61a1c741/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.dns-oarc.net/pipermail/org-algorithm-roll/attachments/20201009/61a1c741/attachment.sig>