[Opendnssec-develop] key policy draft

Matthijs Mekking matthijs at NLnetLabs.nl
Tue Dec 21 10:02:07 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have written a key policy draft, that describes the timelines of
possible key rollovers. It is largely a copy of the key timing draft.

The key rollovers described in the key timing draft have been rewritten
to match our current terminology (with key goals, unraveled key states,
rollover considerations). I have introduced Single Type Signing Scheme
(STSS) rollovers, which are a combination of ZSK and KSK rollovers.

There is also some text about policy rollover: enabling and disabling
dnssec, algorithm rollover and changing signing scheme.

Best regards,

Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNEHsfAAoJEA8yVCPsQCW5/swH/j4eKuOXUQVzSvIkhWiD0I6K
6Tbyj9uFgSD8pfRum8WTAYgZgyqxjMS+PExkWP52mpQ+yRy045aP1GG7Ou6UGZhj
WnvpInMvLga7EE3WB6NqYSLWjqCtuRIsPgjjXCp4u6vcQqbJ+T7NvUG8g+G7xgYE
c97UG9JwK57J2RsPYh61wGjfa3X0EjikSDCIGV0rCfuJ+lz5Y/C8l2JJ/p8y2+Ps
pdeHrICl5XpKho8XmyCm0HDqUAPb6Jllk1IcATfhCH6YXEzDiQX4Aj0kqNKlM+Xb
DLT0SyHN+cn8kyMvO7cgekr29U7fB/feCT/6zpchvfZrnNAarffzWtkrDLr8clc=
=Wl9O
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: draft-mekking-dnsop-dnssec-key-policy-00.txt
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20101221/1599ed03/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: draft-mekking-dnsop-dnssec-key-policy-00.txt.sig
Type: application/octet-stream
Size: 287 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20101221/1599ed03/attachment.obj>


More information about the Opendnssec-develop mailing list