Olafur Gudmundsson wrote:
>
> There is a much simpler way.
> Just add a record to the root zone that is only signed by the new key.
> If the resolver returns the AD bit, it has the new key.
>
> All that is needed is to sign an RRset for a long time and add it to
> the root zone and make sure no ZSK signs it.
>

this.

-- 
Paul Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
