This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] RIPE NCC DNS operations update
- Previous message (by thread): [dns-wg] RIPE NCC DNS operations update
- Next message (by thread): [dns-wg] RIPE NCC DNS operations update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Anand Buddhdev
anandb at ripe.net
Wed May 11 14:20:08 CEST 2022
On 11/05/2022 14:07, Jim Reid wrote: Hi Jim, > Many thanks for the update Anand. > > Could you give a bit more detail on why you decided to dump the > ZSKs? Was it just a matter of having fewer keys to manage and fewer moving > parts that could break? Managing keys isn't an issue, since it is all automated by the signer. Our main reason is that we do not have separate storage for the KSKs and ZSKs. They were all stored together on the signer. Additionally, our ECDSA KSKs and ZSKs were of the same size. Therefore, there is no additional protection offered by separating them, and so it is reasonable to use a CSK. Regards, Anand Buddhdev RIPE NCC
- Previous message (by thread): [dns-wg] RIPE NCC DNS operations update
- Next message (by thread): [dns-wg] RIPE NCC DNS operations update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]