On Thu, 03 Jan 2008, Holger Zuleger wrote:
New key signing key (KSK) for .SE As from today, 2008-01-03 .SE publish and take into use a new KSK for signing the .SE zone file. The key published with start 2006 with key id = 17686 is unvalid since 2008-01-01 and will be removed 2008-02-01. You should have configured the key published with start Would it be possible to set the REVOKE Bit on that key, and announce it for another 30 days?
There was no time to fix this for this rollover. Next time.
Doing so enables a rfc5011 aware validator to discard the key automatically from the list of possible trust anchor.
Which resolvers honors the revocation bit? To my knowledge, no swedish resolver operators are using such software yet. -- patrik_wallstrom->foodfight->pawal@blipp.com->+46-733173956