Geoff Huston <gih@apnic.net> writes:
I have no idea Paul - but I do know that once the key is destroyed the entire conversation is kinda pointless, and I thought it was a little bit preemptory to slam the door shut on such musings..
I came to the same conclusion after hearing the discussion: there is no software or device today that can make use of a yet-undefined chain, and thus the need to anchor it to the single starting point in history is potentially not helpful. It may "look cleaner", but I can't think of a technical reason why it's necessary. Assuming a new protocol for doing history chaining of some kind, all on-the-shelf devices that suddenly have it implemented should simultaneously be chaining it back to only the current KSK, which is KSK-2017 not KSK-2010 (and should stop going backward once it hits the current trust anchor). -- Wes Hardaker USC/ISI