* W. C. A. Wijngaards:

> Hi,
>
> Just new in the dnsop wg tools page:
> http://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history-00

I don't understand this part:

| DNSSEC [RFC4034] validators that have been offline or have missed an
| (emergency) rollover can use trust history service to get back on
| track.  The trust history location is assumed available from the
| validator configuration.  The validator then fetches old DNSKEY
| RRsets and checks they form a chain to the latest key.

Doesn't this defeat the purpose of key rollovers?

-- 
Florian Weimer                <fwei...@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
