March 29, 2019
2:32 p.m.
On 08:10 29/03, Geoff Huston wrote:
I have no idea Paul - but I do know that once the key is destroyed the entire conversation is kinda pointless, and I thought it was a little bit preemptory to slam the door shut on such musings..
Actually, I can see an use for the KSK-2010 yet. We can measure the "sunsetting" of this key from the resolvers by having a special record in somewhere signed only by KSK-2010, and by testing its validation status from a resolver we could know if it's revoked or if its still configured as a trust anchor. Having the certainty of speed of sunset is useful in the case of compromise of a key, where you'd want to invalidate it quickly. Hugo Salgado