[org-algorithm-roll] Friday Update 2020-09-25
Howard Eland
heland at afilias.info
Fri Sep 25 20:47:06 UTC 2020
All,
Here’s this week's update on algorithm roll for .ORG:
The new Algorithm 8 KSKs were added to each zone.
The new Algorithm 8 ZSKs were added to each zone.
The DNSKEY RRSet is now signed by both the algorithm 7 and algorithm 8 KSK for each zone.
Referring to Figure 8 in RFC 6781 <https://tools.ietf.org/html/rfc6781#section-4.1.4>, .ORG was moved from "new RRSIGs” to “new DNSKEY" on September 24th, and we are holding down.
Next week, we will initiate the IANA/PTI requests to replace the current DS records with a single type 2 DS record, matching the new algorithm 8 DNSKEY for each zone.
Have a great weekend!
Best,
-Howard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/org-algorithm-roll/attachments/20200925/ab0ae13d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.dns-oarc.net/pipermail/org-algorithm-roll/attachments/20200925/ab0ae13d/attachment.sig>
More information about the org-algorithm-roll
mailing list