Moin!
On 29 Jun 2015, at 22:48, Warren Kumari wrote:
> I've written a draft that proposes a different way of performing root
> key rollover that exposes who all has which key - this allows one to
> know that 99.8% of resolvers have the new key, who has the old one,
> and who will break.
> It does this by encoding the current set of TAs that the resolver has
> into a query, and using that to fetch the new keys. By watching
> queries at the root one can see the population of people with each TA,
> and watch that change over time. This was written for root key roll,
> but is applicable to any TA in the tree.
So while this might work with future root key rollovers, I think it's too
late for this one, as it requires all software (root servers and
validating resolvers) to be updated, and one concern that we have with
the root key rollover is old software.
On another note, how does that interact with the root loopback draft,
where the resolver doesn't ask the root at all, but the local copy of
the root zone?
So long
-Ralf