On 8/09/09 6:07 PM, "Mark Andrews" <ma...@isc.org> wrote:

>> As for when the current .PR key was listed on the interim trust anchor
>> repository at IANA, 2009-09-01 21:45:06.072 UTC would be the precise time.
>
> So ITAR consumers had 2 days to respond to this key rollover event.
> Did PR inform you immediately the DNSKEY was added to the PR zone?
> What happened in the 14 days between the DNSKEY being added to the
> zone and it appearing in ITAR?

The ITAR listing process is essentially automatic, but relies on the TLD operator actually submitting a request to list via a web form. It is up to the TLD operator to submit trust anchors to us when they are ready. The only check we do is we will not list a trust anchor until there is a matching DNSKEY in their zone.

We have no unique insight into the key management policies of the TLD operators. We do not monitor TLD zones for DNSKEYs that are not in the ITAR and give them courtesy notes that they are absent (maybe we should?).

I think the questions on rollover planning are best left for each TLD to provide, it is not something we have any restrictions on.

kim

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
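
The listing check described in the message above (a trust anchor is accepted only when a matching DNSKEY is in the zone), as an added example that is not IANA's code and not part of the original message. It assumes the anchor is submitted in DS form (key tag, algorithm, digest type, digest); the function names and both sample keys are constructed for illustration.

```python
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types (RFC 4034, RFC 4509)

def name_to_wire(name):
    """Canonical (lowercase) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag over DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, b in enumerate(rdata):
        acc += b << 8 if i % 2 == 0 else b
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata, digest_type=2):
    """DS fields for a DNSKEY: digest covers owner name wire form + RDATA."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def anchor_matches_zone(owner, anchor, zone_dnskeys):
    """True only if some DNSKEY in the zone produces the submitted DS."""
    tag, alg, dtype, digest = anchor
    if dtype not in DIGESTS:
        return False  # unknown digest type: cannot verify, so do not list
    for rdata in zone_dnskeys:
        if key_tag(rdata) != tag or rdata[3] != alg:
            continue  # cheap pre-filter; tags can collide, so still hash below
        if make_ds(owner, rdata, dtype)[3] == digest.lower():
            return True
    return False

# Constructed sample keys (not real .PR key material).
OLD_KSK = dnskey_rdata(257, 3, 8, bytes([1, 2, 3, 4]))
NEW_KSK = dnskey_rdata(257, 3, 8, bytes([9, 8, 7, 6]))

if __name__ == "__main__":
    submitted = make_ds("pr.", NEW_KSK)
    # Anchor submitted before the key is published: listing is refused.
    print(anchor_matches_zone("pr.", submitted, [OLD_KSK]))
    # Key now in the zone alongside the old one: listing is allowed.
    print(anchor_matches_zone("pr.", submitted, [OLD_KSK, NEW_KSK]))
```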