[dnssec-key-tf] Using the TAR for non-TLD KSKs

Previous message: [dnssec-key-tf] Using the TAR for non-TLD KSKs

Next message: [dnssec-key-tf] Using the TAR for non-TLD KSKs

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Koch
Wed Oct 24 16:45:39 CEST 2007

On Wed, Oct 24, 2007 at 03:30:36PM +0100, Jim Reid wrote:

> I agree. But surely a TAR that goes into keys other than TLDs will  
> just create this problem in a slightly different guise? This could  
> also have an unpleasant operational impact on the TAR: perhaps  
> looking after many hundreds of (frequently changing?) KSKs rather  
> than a much smaller number of (probably fairly stable) TLD KSKs.

it makes the TAR operationally more complex and it would also be in conflict
with our proposed stop condition.  With only TLDs it is straightforward
to exit once the root is signed.  With other domains in the TAR, this
strategy doesn't appear as straightforward to me anymore.

-Peter

Previous message: [dnssec-key-tf] Using the TAR for non-TLD KSKs

Next message: [dnssec-key-tf] Using the TAR for non-TLD KSKs

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ Dnssec-key-tf Archive ]