--- Begin Message ---
I have forwarded this thread to a contact at .fi and suggested they join the
conversation and add some context.
My guess would also be that there is more than meets the eye, but hard to know
for sure from the short note.
Erwin
> On 17 Dec 2024, at 21.51, Shumon Huque <shu...@gmail.com> wrote:
>
> We probably need to know some more details about what exactly is changing.
> Do we have any contacts at .FI that can provide them?
>
> If they are not changing platforms and simply moving to a new algorithm,
> then yes, they should be able to do a regular algorithm rollover.
>
> If they are also moving to a new provider/platform as part of the algorithm
> change, then the situation may be more complicated. They'd need to do
> an algorithm rollover and a multi-signer transition to not break the
> validation
> chain (with present protocol rules) -- and the involved parties would need to
> support the features needed to do that.
>
> Shumon.
>
> On Tue, Dec 17, 2024 at 3:16 PM Steve Crocker <st...@shinkuro.com
> <mailto:st...@shinkuro.com>> wrote:
>> Why are they not doing a regular rollover so there is NO break in the
>> verification chain?
>>
>> Steve
>>
>>
>> On Tue, Dec 17, 2024 at 3:10 PM Paul Wouters <p...@nohats.ca
>> <mailto:p...@nohats.ca>> wrote:
>>>
>>> .fi customers got a note with:
>>>
>>> Traficom changes the DNSSEC implementation used for .fi domain
>>> names by
>>> changing the .FI signature algorithm. This change makes the domain
>>> name
>>> system (DNS) more reliable and ensures the continued compatibility
>>> of
>>> the DNSSEC implementation. Because of the change, .FI DS records
>>> will
>>> be removed from the root zone. This will break the verification
>>> chain,
>>> and DNSSEC will not be available to .fi domain names approximately
>>> from
>>> 17 April 2025 to 30 April 2025.
>>>
>>> If anyone has some influence there and could perhaps convince them
>>> to reduce "weeks" to "hours", I think that would be a very healthy
>>> improvement of their process.
>>>
>>> Paul
>>> _______________________________________________
>>> dns-operations mailing list
>>> dns-operations@lists.dns-oarc.net <mailto:dns-operations@lists.dns-oarc.net>
>>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>
>>
>>
>> --
>>
>> <https://wallet.unumid.co/authenticate?referralCode=tcp16fM4W47y>_______________________________________________
>> dns-operations mailing list
>> dns-operations@lists.dns-oarc.net <mailto:dns-operations@lists.dns-oarc.net>
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> _______________________________________________
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--- End Message ---
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
