Jan. 6, 2019
6:04 p.m.
On Jan 6, 2019, at 9:47 AM, StJohns, Michael <msj@nthpermutation.com> wrote:
I haven’t been paying attention. Is anything being signed by ksk2010 anymore?
No.
If not, then revoking it should be the very definition of a non-event.
...assuming that all software has implemented RFC 5011 completely correctly. We are not assuming that, which is why we will be looking for problems after the publication. This will be the first time that root zone will have a record with the revoke bit set in any DNSKEY record. --Paul Hoffman