Feb. 14, 2018
9:35 p.m.
On Feb 14, 2018, at 12:40 PM, Warren Kumari <warren@kumari.net> wrote:
I think that it would be a useful addition to the script to ensure that, when a new KSK is generated, it does not have the same Key ID as any previous KSKs. If is *does* have the same Key ID, it should be discarded and a new one generated.
As someone who has to write tools to deal with ICANN's trust anchors, I give this proposal two thumbs up. --Paul Hoffman