David Blacka wrote:
I think it works to simply say this:
* The ITAR should be checked for changes once per 24 hour period.
Then:
* TLD operators would know to pre-publish the new DS at least 24
hours before doing the KSK roll.
But without any timing advice, it is quite difficult for TLD operators
to know if they are acting responsibly or not.
Is it the role of IANA to provide such advice?
What if a zone manager (e.g. a TLD registry) wishes to use very short
signature keys with very short rollover periods and finds its parent
zone manager responsive in terms of DS change turnover times? Maybe I
missed something and a specifications document somewhere prevents short
RSA signature keys, I which case I apologize in advance for the noise on
this mailing list.
Regards,
- Thierry Moreau
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
