[Opendnssec-user] Default ZSK sizes

Scott Armitage S.P.Armitage at lboro.ac.uk
Wed Jan 25 07:57:49 UTC 2012

On 24 Jan 2012, at 23:44, Rick van Rein wrote:

>  Once again,
> the infrastructure exists to update a KSK if need be, and
> a knowledgeable resolver operator could stop accepting
> keys if RSA is broken tomorrow.

At the moment it often isn't the easiest of processes to get a KSK changed for some TLDs (depending upon your registrar).  It took me a couple of days (including explaining to the first line support what DNSSEC was) to get my DS Record into the .eu parent zone.
Who knows how quickly I could get a key rolled.

I've yet to find a registrar for .co.uk who will even let you put DS records into .co.uk (Despite Nominet providing them with the interfaces).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 203 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120125/fb27468d/attachment.bin>

More information about the Opendnssec-user mailing list