17 Mar 2009, 12:26 p.m.
Lutz Donnerhacke wrote:
On 12 March 2009, the RIPE NCC generated new key-signing keys (KSKs) for all the DNSSEC-signed zones that it operates. We have published updated trust anchor files for inclusion in validating resolvers.
Are you going to use RFC 5011 to remove the old keys?
Hello Lutz,

The toolset that we're using does not have support for setting the revocation bit, so we won't be setting it. Are many people actually running resolvers that understand RFC 5011?

--
Anand Buddhdev
DNS Services Manager, RIPE NCC
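
An added example, not part of the original message or of the RIPE NCC toolset: a check of configured trust anchors against a zone's DNSKEY RRset, showing what a KSK rollover looks like with and without the RFC 5011 REVOKE bit. The key material and the function names are constructed for illustration, and the check assumes the RRset has already been validated; a real RFC 5011 implementation also requires the revoked key to sign the RRset and applies hold-down timers.

```python
import base64
import struct

ZONE, REVOKE, SEP = 0x0100, 0x0080, 0x0001  # DNSKEY flag bits (RFC 4034, RFC 5011)

def parse_dnskey(text):
    """Parse 'flags protocol algorithm base64-key' presentation format."""
    flags, proto, alg, *b64 = text.split()
    return int(flags), int(proto), int(alg), base64.b64decode("".join(b64))

def key_tag(flags, proto, alg, key):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    rdata = struct.pack("!HBB", flags, proto, alg) + key
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def audit_anchors(anchors, rrset):
    """Map each anchor's key tag to 'published', 'revoked' or 'absent'.

    Keys are matched on (algorithm, public key), because setting REVOKE
    changes the flags field and therefore the key tag.
    """
    published = {}
    for rr in rrset:
        flags, _, alg, key = parse_dnskey(rr)
        published[(alg, key)] = flags
    report = {}
    for rr in anchors:
        flags, proto, alg, key = parse_dnskey(rr)
        now = published.get((alg, key))
        if now is None:
            status = "absent"     # withdrawn without REVOKE: remove by hand
        elif now & REVOKE:
            status = "revoked"    # an RFC 5011 resolver drops it itself
        else:
            status = "published"
        report[key_tag(flags, proto, alg, key)] = status
    return report

# Constructed sample data: the "keys" are arbitrary bytes, not real RSA keys.
OLD = base64.b64encode(bytes(range(32))).decode()
NEW = base64.b64encode(bytes(range(32, 64))).decode()
ANCHORS = [f"257 3 5 {OLD}", f"257 3 5 {NEW}"]
ROLLED_NO_REVOKE = [f"257 3 5 {NEW}"]                      # old KSK withdrawn
ROLLED_WITH_REVOKE = [f"385 3 5 {OLD}", f"257 3 5 {NEW}"]  # 385 = 257 | REVOKE

if __name__ == "__main__":
    print(audit_anchors(ANCHORS, ROLLED_NO_REVOKE))
    print(audit_anchors(ANCHORS, ROLLED_WITH_REVOKE))
```

An anchor reported as "absent" is the case described in the reply above: the old key disappears without a revocation, so it has to be removed from the resolver configuration manually.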