[org-algorithm-roll] Friday Update 2020-09-18

Howard Eland heland at afilias.info
Fri Sep 18 22:01:03 UTC 2020


All,

As Carl mentioned, this past week, we started the algorithm roll for .ORG:

The new Algorithm 8 keys were generated.
Zone RRSIGs based on the new keys were added.
The ZSK-based RRSIG on the DNSKEY set was removed.
NSEC3PARAMs were changed to have a new salt value, and hash iterations were set to 100.

Referring to Figure 8 in RFC 6781 <https://tools.ietf.org/html/rfc6781#section-4.1.4>, .ORG was moved to the "new RRSIGs” step on September 17th, and we are holding down.

Next week, we will add the new DNSKEYs, and sign the DNSKEY RRSet with both old and new KSKs.

Have a great weekend!

Best,
-Howard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/org-algorithm-roll/attachments/20200918/d3a3a5bc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.dns-oarc.net/pipermail/org-algorithm-roll/attachments/20200918/d3a3a5bc/attachment.sig>


More information about the org-algorithm-roll mailing list