Geoff Huston wrote:
On 4 May 2018, at 3:06 am, Paul Vixie<p...@redbarn.org> wrote:
what are the implications for older (pre-KSKROLL) validators when
icann eventually rolls the key?
I assume that you are referring to security-aware resolvers that do
not perform the actions specified in this draft. There are no
implications at all for these resolvers.
Any trusted key measurement conducted using such a resolver will show
that the resolver is a security-aware resolver, but is not performing
the sentinel method.
thanks. i feared for a moment a second TCR.
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
