Hi,

My understanding is that they are using a signer that does not make algorithm 
rollovers easy. They are going for what seems to be less risky for them.

Regards,
Tamás

Dec 17, 2024 21:17:33 Steve Crocker <st...@shinkuro.com>:

> Why are they not doing a regular rollover so there is NO break in the 
> verification chain?
> 
> Steve
> 
> 
> On Tue, Dec 17, 2024 at 3:10 PM Paul Wouters <p...@nohats.ca> wrote:
>> 
>> .fi customers got a note with:
>> 
>>         Traficom changes the DNSSEC implementation used for .fi domain names by
>>         changing the .FI signature algorithm. This change makes the domain name
>>         system (DNS) more reliable and ensures the continued compatibility of
>>         the DNSSEC implementation. Because of the change, .FI DS records will
>>         be removed from the root zone. This will break the verification chain,
>>         and DNSSEC will not be available to .fi domain names approximately from
>>         17 April 2025 to 30 April 2025.
>> 
>> If anyone has some influence there and could perhaps convince them
>> to reduce "weeks" to "hours", I think that would be a very healthy
>> improvement of their process.
>> 
>> Paul
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations@lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> 
