About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dns-wg] RIPE NCC DNSSEC Key Maintenance: Preemptive Key Signing Key Rollover

  • To: Ruben van Staveren ruben@localhost, dns-wg@localhost, rir-dns@localhost, ops-workers@localhost
  • From: bmanning@localhost
  • Date: Thu, 14 Sep 2006 17:03:27 +0000
 as a suggestion, could you -please- put a date on the web page 
 that indicates when the keys were generated or expected to be valid?

--bill


On Thu, Sep 14, 2006 at 03:16:15PM +0200, Ruben van Staveren wrote:


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> [Apologies for duplicate e-mails]
> 
> Dear Colleagues,
> 
> Due to the recently published weakness in PKCS 1.5 signatures in OpenSSL
> RSA crypto, the RIPE NCC will be performing an key signing key (KSK)
> rollover earlier than planned.
> 
> We have completed the first phase of the procedure and have published
> the new Key Signing Keys (KSK's). The deprecated keys will remain valid for
> a maximum of three months.
> 
> We recommend that you reconfigure any resolvers to use the new keys. You
> can download them from:
> https://www.ripe.net/projects/disi//keys/ripe-ncc-dnssec-keys-new.txt
> 
> The DNSSEC Key Maintenance Procedure is available at:
> https://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html
> 
> The following references may be useful:
> http://www.openssl.org/news/secadv_20060905.txt
> http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
> 
> We thank you for your patience and apologise for any inconvenience this
> maintenance may cause.
> 
> If you have any questions regarding this maintenance please e-mail:
> ops@localhost.
> 
> Regards,
> 
> 
> Ruben van Staveren
> Operations Group
> RIPE NCC
> -----BEGIN PGP SIGNATURE-----
> Comment: For info see https://www.ripe.net/rs/pgp/
> 
> iD8DBQFFCVSambreNIsOKy8RAsRWAJ9jVQT++r9aZ3b0sCAl+IMFaUQLrgCfTtFb
> 5Az85tIv7TrWHVYoyt4Wvto=
> =tvtB
> -----END PGP SIGNATURE-----
> 
> -- 
> Ruben van Staveren                      RIPE Network Coordination Center
> Operations Group                        Singel 258 Amsterdam NL
> http://www.ripe.net                     +31 20 535 4444
>   PGP finger print 6501 4389 A675 477E DCE5  53D8 9108 49E2 DAFC 271B
Post To The List:

Replies

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community