Fred Baker <fred@isc.org> wrote:
The key consideration is that key rollovers are a "usual" event, and as such the key(s) should be something learned from the root and the root servers, not something configured or compiled into the resolver software.
However there has to be a bootstrap mechanism, and the only one available is for the validator vendor to provide an initial key set. I agree that rollovers need to be routine (I think annual makes sense) but they have to be planned with software releases in mind. This might require keys to be generated and promulgated out of band a long time before they are published in the zone or used for signing. Then a vendor package can include root keys covering the next couple of years, say.

Tony.
-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
promote human rights and open government
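An added example, not part of the thread and not code from either poster: a Python sketch of the validator-side check this bootstrap scheme implies. The vendor ships an anchor set listing several successive root KSKs, each with a validity window; at startup the validator keeps only the anchors that are both inside their window and actually matched (key tag, algorithm and DS digest) by a key in the root DNSKEY RRset it just fetched, and fails closed if none match. A second helper answers the release-planning question of whether the shipped set covers the package's support life. The DNSKEY wire format, key tag algorithm (RFC 4034) and DS SHA-256 digest (RFC 4509) are real; the KSKs, validity dates, key tags and the `ROGUE_KSK`, `SHIPPED_ANCHORS` and helper names are constructed placeholders, not real root zone material.

```python
"""
Validator-side trust-anchor bootstrap check for DNSSEC.

Constructed example: the KSK bytes, validity windows and resulting key tags are
placeholders, not real root zone keys.  Real parts: DNSKEY wire format
(RFC 4034 s.2.1), key tag (RFC 4034 App. B) and DS SHA-256 digest (RFC 4509).
"""
import hashlib
import struct
from dataclasses import dataclass
from datetime import date, timedelta

ROOT_OWNER_WIRE = b"\x00"  # wire-format owner name of the root zone "."


def _as_date(d):
    return date.fromisoformat(d) if isinstance(d, str) else d


def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA in wire format: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey


def key_tag(rdata):
    """RFC 4034 Appendix B key tag (all algorithms except RSA/MD5, alg 1)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest_sha256(rdata, owner_wire=ROOT_OWNER_WIRE):
    """DS digest type 2: SHA-256(owner name wire || DNSKEY RDATA), upper-case hex."""
    return hashlib.sha256(owner_wire + rdata).hexdigest().upper()


@dataclass(frozen=True)
class TrustAnchor:
    """One entry of a vendor-shipped anchor set: tag, algorithm, DS digest and
    the window in which the validator may trust it (valid_until exclusive)."""
    key_tag: int
    algorithm: int
    digest: str
    valid_from: date
    valid_until: date


def anchor_for(rdata, valid_from, valid_until):
    """Build the anchor a vendor would ship for a KSK promulgated out of band."""
    return TrustAnchor(key_tag(rdata), rdata[3], ds_digest_sha256(rdata),
                       _as_date(valid_from), _as_date(valid_until))


def usable_anchors(anchors, dnskey_rrset, today):
    """Anchors inside their validity window AND matched (tag, algorithm, digest)
    by a zone key published in the root DNSKEY RRset.  With no usable anchor
    the validator must fail closed, not fall back to treating the tree as unsigned."""
    today = _as_date(today)
    published = set()
    for rdata in dnskey_rrset:
        flags = struct.unpack("!H", rdata[:2])[0]
        if not flags & 0x0100:  # ZONE bit clear: not a zone key, cannot anchor
            continue
        published.add((key_tag(rdata), rdata[3], ds_digest_sha256(rdata)))
    usable = [a for a in anchors
              if a.valid_from <= today < a.valid_until
              and (a.key_tag, a.algorithm, a.digest) in published]
    if not usable:
        raise RuntimeError("no shipped trust anchor matches the published "
                           "root DNSKEY RRset; refusing to validate")
    return usable


def first_coverage_gap(anchors, today, horizon_days):
    """First day within the horizon on which no shipped anchor is valid, or None.
    Release planning wants None for the whole support life of the package."""
    today = _as_date(today)
    for offset in range(horizon_days + 1):
        day = today + timedelta(days=offset)
        if not any(a.valid_from <= day < a.valid_until for a in anchors):
            return day
    return None


# Constructed stand-ins for three successive root KSKs (flags 257 = ZONE|SEP,
# protocol 3, algorithm 8).  The key bytes are placeholders, not RSA keys.
KSK_2024 = dnskey_rdata(257, 3, 8, b"\x03\x01\x00\x01\xAA\x01")
KSK_2025 = dnskey_rdata(257, 3, 8, b"\x03\x01\x00\x01\xBB\x02")
KSK_2026 = dnskey_rdata(257, 3, 8, b"\x03\x01\x00\x01\xCC\x03")
ROGUE_KSK = dnskey_rdata(257, 3, 8, b"\x03\x01\x00\x01\xDD\x04")  # never promulgated

# What a vendor package ships: anchors covering the next couple of years.
SHIPPED_ANCHORS = [
    anchor_for(KSK_2024, "2024-01-01", "2026-01-01"),
    anchor_for(KSK_2025, "2025-01-01", "2027-01-01"),
    anchor_for(KSK_2026, "2026-01-01", "2028-01-01"),
]

if __name__ == "__main__":
    # Mid-2025: two KSKs published, the 2026 key not yet in the zone.
    rrset = [KSK_2024, KSK_2025, ROGUE_KSK]
    print([a.key_tag for a in usable_anchors(SHIPPED_ANCHORS, rrset, "2025-06-01")])
    # Does the shipped set still cover two more years from the start of 2027?
    print(first_coverage_gap(SHIPPED_ANCHORS, "2027-01-01", 730))
```

The digest comparison is what makes a pre-shipped anchor worth anything: a key in the RRset with the same tag but different bytes (such as `ROGUE_KSK` here) is ignored, and once every shipped window has passed the validator raises rather than silently validating nothing.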