Dr Eberhard W Lisse via gtld-tech <gtld-tech@icann.org> writes:
Pardon my ignorance, but would such a roll at transfer not require the collaboration of the losing Registry?
[Note: though I'm on the ICANN board, I'm both not speaking for the board and I don't have any direct knowledge of the situation of this particular event in the first place -- I'm speaking purely from a technical and personal perspective only]

That's certainly the core of the problem, but the answer depends on a lot of things like the signature timing of the current records, the TTLs of those records and the DS record, etc. You can do things to minimize the impact if you don't have the original DNSKEY but it may not be trivial if the timing constraints don't let you do something safer. Certainly one thing you shouldn't do at the same time is an algorithm roll, as that would increase the complexity significantly.

--
Wes Hardaker
USC/ISI