[Unbound-users] On stale keys and Unbound behavior
bmanning at vacation.karoshi.com
Fri Feb 12 14:30:37 UTC 2010
On Fri, Feb 12, 2010 at 02:28:41PM +0100, Olaf Kolkman wrote:
>
>
> In the particular case described in the column, RFC5011 methodology might not have worked; an old OS distribution carrying a stale key that is several generations old cannot be tracked using RFC5011 techniques. Wijngaards and Kolkman have been working on a proposal to fix that particular issue: "DNSSEC Trust Anchor History Service" (http://tools.ietf.org/html/draft-wijngaards-dnsop-trust-history).
>
glad to see that work going forward. Manning and Yamaguchi are working on
a similar set of techniques to deal with the unscheduled key rollover issue
based in part on an expired draft that was an alternative to what became RFC 5011.
i suspect that work is complementary to either RFC 5011 or the -history draft.
--bill
> -- Olaf Kolkman
> NLnet Labs