* W. C. A. Wijngaards: > Hi, > > Just new in the dnsop wg tools page: > http://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history-00
I don't understand this part: | DNSSEC [RFC4034] validators that have been offline or have missed an | (emergency) rollover can use trust history service to get back on | track. The trust history location is assumed available from the | validator configuration. The validator then fetches old DNSKEY | RRsets and checks they form a chain to the latest key. Doesn't this defeat the purpose of key rollovers? -- Florian Weimer <fwei...@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
