Hi folks,

I noticed that no stand-by KSK is pre-published in 2017-ksk rollover, right? I put it due to the limitation of size of DNS response. Any other concerns on stand-by KSK in real production network?

Now I’m planning to put a stand-by key in algorithm rollover in my lab test. Because I think ECDSA saves much space than RSA, so maybe it is time to consider Stand-by key for algorithm rollover. Is there any special consideration should be taken care for stand-by key in algorithm rollover. Thanks in advance.

Best regards,

Davey