> On 4 May 2018, at 3:06 am, Paul Vixie <p...@redbarn.org> wrote:
> 
> what are the implications for older (pre-KSKROLL) validators when icann 
> eventually rolls the key?

I assume that you are referring to security-aware resolvers that do not perform 
the actions specified in this draft. There are no implications at all for these 
resolvers.

Any trusted key measurement conducted using such a resolver will show that the 
resolver is a security-aware resolver, but is not performing the sentinel 
method.


Geoff
 
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to