> On Nov 16, 2016, at 18:56, Mikael Abrahamsson <swm...@swm.pp.se> wrote: > > So if it's manufactured the day before a new key is publically released, when > is the key material it has built in no longer viable to have successful > DNSSEC validation?
Do the first (only) bootstrap without validation if validation fails? Doing DNSSEC for names pointing to NTP servers (or other time sources) have a similar concern. Ask _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
