> On 4 May 2018, at 3:06 am, Paul Vixie <p...@redbarn.org> wrote:
>
> what are the implications for older (pre-KSKROLL) validators when icann
> eventually rolls the key?

I assume that you are referring to security-aware resolvers that do not perform the actions specified in this draft. There are no implications at all for these resolvers. Any trusted key measurement conducted using such a resolver will show that the resolver is a security-aware resolver, but is not performing the sentinel method.

Geoff

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop