On Sun, Jan 6, 2019 at 13:04 Paul Hoffman <paul.hoffman@icann.org> wrote:

On Jan 6, 2019, at 9:47 AM, StJohns, Michael <msj@nthpermutation.com> wrote:
>
> I haven’t been paying attention. Is anything being signed by ksk2010 anymore?

No.

> If not, then revoking it should be the very definition of a non-event.

...assuming that all software has implemented RFC 5011 completely correctly. We are not assuming that, which is why we will be looking for problems after the publication. This will be the first time that root zone will have a record with the revoke bit set in any DNSKEY record.

--Paul Hoffman

So you’re telling me that no one got copies of all of the various resolvers and tried to feed them a revoked key of any sort?

Strange. Mike