as a suggestion, could you -please- put a date on the web page that indicates when the keys were generated or expected to be valid? --bill On Thu, Sep 14, 2006 at 03:16:15PM +0200, Ruben van Staveren wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[Apologies for duplicate e-mails]
Dear Colleagues,
Due to the recently published weakness in PKCS 1.5 signatures in OpenSSL RSA crypto, the RIPE NCC will be performing an key signing key (KSK) rollover earlier than planned.
We have completed the first phase of the procedure and have published the new Key Signing Keys (KSK's). The deprecated keys will remain valid for a maximum of three months.
We recommend that you reconfigure any resolvers to use the new keys. You can download them from: https://www.ripe.net/projects/disi//keys/ripe-ncc-dnssec-keys-new.txt
The DNSSEC Key Maintenance Procedure is available at: https://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html
The following references may be useful: http://www.openssl.org/news/secadv_20060905.txt http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
We thank you for your patience and apologise for any inconvenience this maintenance may cause.
If you have any questions regarding this maintenance please e-mail: ops@ripe.net.
Regards,
Ruben van Staveren Operations Group RIPE NCC -----BEGIN PGP SIGNATURE----- Comment: For info see https://www.ripe.net/rs/pgp/
iD8DBQFFCVSambreNIsOKy8RAsRWAJ9jVQT++r9aZ3b0sCAl+IMFaUQLrgCfTtFb 5Az85tIv7TrWHVYoyt4Wvto= =tvtB -----END PGP SIGNATURE-----
-- Ruben van Staveren RIPE Network Coordination Center Operations Group Singel 258 Amsterdam NL http://www.ripe.net +31 20 535 4444 PGP finger print 6501 4389 A675 477E DCE5 53D8 9108 49E2 DAFC 271B