[Opendnssec-user] Default ZSK sizes
Scott Armitage
S.P.Armitage at lboro.ac.uk
Wed Jan 25 07:57:49 UTC 2012
On 24 Jan 2012, at 23:44, Rick van Rein wrote:
> Once again,
> the infrastructure exists to update a KSK if need be, and
> a knowledgeable resolver operator could stop accepting
> keys if RSA is broken tomorrow.
>
At the moment it often isn't the easiest of processes to get a KSK changed for some TLDs (depending upon your registrar). It took me a couple of days (including explaining to the first line support what DNSSEC was) to get my DS Record into the .eu parent zone.
Who knows how quickly I could get a key rolled.
I've yet to find a registrar for .co.uk who will even let you put DS records into .co.uk (Despite Nominet providing them with the interfaces).
Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 203 bytes
Desc: This is a digitally signed message part
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120125/fb27468d/attachment.bin>
More information about the Opendnssec-user
mailing list