I reached out to someone in Finland who may have added insights and connections to Traficom. I encourage others to do so as well who have connections.
Would be useful to hear added details from Traficom. - merike On Dec 17, 2024, at 12:51 PM, Shumon Huque <shu...@gmail.com> wrote: We probably need to know some more details about what exactly is changing. Do we have any contacts at .FI that can provide them? If they are not changing platforms and simply moving to a new algorithm, then yes, they should be able to do a regular algorithm rollover. If they are also moving to a new provider/platform as part of the algorithm change, then the situation may be more complicated. They'd need to do an algorithm rollover and a multi-signer transition to not break the validation chain (with present protocol rules) -- and the involved parties would need to support the features needed to do that. Shumon. On Tue, Dec 17, 2024 at 3:16 PM Steve Crocker <st...@shinkuro.com <mailto:st...@shinkuro.com>> wrote: > Why are they not doing a regular rollover so there is NO break in the > verification chain? > > Steve > > > On Tue, Dec 17, 2024 at 3:10 PM Paul Wouters <p...@nohats.ca > <mailto:p...@nohats.ca>> wrote: >> >> .fi customers got a note with: >> >> Traficom changes the DNSSEC implementation used for .fi domain names >> by >> changing the .FI signature algorithm. This change makes the domain >> name >> system (DNS) more reliable and ensures the continued compatibility of >> the DNSSEC implementation. Because of the change, .FI DS records will >> be removed from the root zone. This will break the verification >> chain, >> and DNSSEC will not be available to .fi domain names approximately >> from >> 17 April 2025 to 30 April 2025. >> >> If anyone has some influence there and could perhaps convince them >> to reduce "weeks" to "hours", I think that would be a very healthy >> improvement of their process. >> >> Paul >> _______________________________________________ >> dns-operations mailing list >> dns-operations@lists.dns-oarc.net <mailto:dns-operations@lists.dns-oarc.net> >> https://lists.dns-oarc.net/mailman/listinfo/dns-operations > > > > -- > > <https://wallet.unumid.co/authenticate?referralCode=tcp16fM4W47y>_______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net <mailto:dns-operations@lists.dns-oarc.net> > https://lists.dns-oarc.net/mailman/listinfo/dns-operations _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations
