Hi folks,
For your information, I set up a testing page for the second lab test of algorithm rollover: https://yeti-dns.org/alg-roll-test.html . The difference between the first trial and the second is that we add a stand-by key and have a PowerDNS resolver in this testbed. This experiment will start on April 29th and end on the 1st of June. If you are interested, please join us and follow the instructions on the page.
**Note that the experiment will start on April 29th, 0200 UTC, when the new KEY and signatures will be published. Resolvers set up after that time are not able to roll automatically.**
Best regards,
Davey
From: Davey Song(宋林健) [mailto:ljsong@biigroup.cn]
Sent: April 10, 2019 18:32
To: 'ksk-rollover@icann.org'
Subject: Stand-by KSK for algorithm rollover
Hi folks,
I noticed that no stand-by KSK was pre-published in the 2017 KSK rollover, right? I put it down to the limitation on the size of DNS responses. Are there any other concerns about a stand-by KSK in a real production network?
Now I’m planning to put a stand-by key in the algorithm rollover in my lab test. Because I think ECDSA saves much more space than RSA, maybe it is time to consider a stand-by key for algorithm rollover. Is there any special consideration that should be taken into account for a stand-by key in an algorithm rollover? Thanks in advance.
Best regards,
Davey