Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> I also want regular rollover, and I'd like it to be frequent enough that it gets tested. I also want it infrequent enough to never be without an anchor.
Trust anchor lifetime can be decoupled from rollover frequency. If keys are generated a few years in advance of going into active use, there is plenty of time for them to be disseminated beforehand. They do not have to be pre-published in the zone (although that is what RFC 5011 was designed for); they can be distributed out of band by software updates or other means. If there are annual rollovers with keys generated N years in advance, at any time there will be N pre-published keys one of which might be pre-published in the zone, one active KSK in production, and maybe one in retirement.

Tony.

-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
Irish Sea: West or southwest 6 to gale 8, decreasing 5 for a time. Rough, becoming moderate. Rain. Moderate or good.
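The schedule Tony describes (annual KSK rollover, keys generated N years ahead, one retired key kept for a while) can be modelled to check the invariant he states and to see how stale a validator's anchor set may become before it stops matching the production key. The following is an added illustration, not code from the thread or from any DNS implementation; the key naming, the one-year retirement window and the rule that a validator needs the currently active KSK in its trust store are assumptions made for the model.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Lifecycle of one KSK in the modelled schedule (all fields are model assumptions):
# generated    - key exists and can be distributed out of band (e.g. software update)
# active_from  - key becomes the production KSK (rollover into service)
# active_until - rollover to the successor key
# retired_until- key is kept as a fallback after rollover, then removed

@dataclass(frozen=True)
class Key:
    key_id: str
    generated: date
    active_from: date
    active_until: date
    retired_until: date


def build_schedule(first_active_year, n_years_ahead, count, retire_years=1):
    """Annual rollover on 1 January; each key is generated n_years_ahead
    years before it goes into production and retired for retire_years after."""
    keys = []
    for i in range(count):
        year = first_active_year + i
        keys.append(Key(
            key_id=f"ksk-{year}",                       # hypothetical naming
            generated=date(year - n_years_ahead, 1, 1),
            active_from=date(year, 1, 1),
            active_until=date(year + 1, 1, 1),
            retired_until=date(year + 1 + retire_years, 1, 1),
        ))
    return keys


def state_of(key, on):
    if on < key.generated:
        return "not-yet-generated"
    if on < key.active_from:
        return "pre-published"
    if on < key.active_until:
        return "active"
    if on < key.retired_until:
        return "retired"
    return "removed"


def classify(keys, on):
    """Which keys are pre-published, active and retired on a given day."""
    out = {"pre-published": [], "active": [], "retired": []}
    for k in keys:
        s = state_of(k, on)
        if s in out:
            out[s].append(k.key_id)
    return out


def invariant_violations(keys, start, end, n_years_ahead):
    """Days in [start, end] on which the stated invariant does not hold:
    exactly one active KSK, N pre-published keys, at most one retired."""
    bad = []
    day = start
    while day <= end:
        c = classify(keys, day)
        if (len(c["active"]) != 1 or len(c["pre-published"]) != n_years_ahead
                or len(c["retired"]) > 1):
            bad.append(day)
        day += timedelta(days=1)
    return bad


def validator_has_anchor(keys, last_update, on):
    """A validator whose trust store was last refreshed on last_update knows
    every key generated by then (assumption). It can validate on day `on`
    only if the key active that day is among those it trusts."""
    trusted = {k.key_id for k in keys if k.generated <= last_update}
    active = classify(keys, on)["active"]
    return bool(active) and active[0] in trusted


def max_staleness_days(keys, last_update, horizon):
    """How many days after last_update the validator keeps a matching anchor."""
    day = last_update
    while day < horizon and validator_has_anchor(keys, last_update, day):
        day += timedelta(days=1)
    return (day - last_update).days


if __name__ == "__main__":
    sched = build_schedule(2020, n_years_ahead=3, count=12)
    print(classify(sched, date(2025, 6, 1)))
    print(invariant_violations(sched, date(2020, 1, 1), date(2028, 12, 31), 3))
    print(max_staleness_days(sched, date(2022, 6, 1), date(2040, 1, 1)))
```

With N=3 the model shows three pre-published keys, one active and one retired on any day inside the schedule, and a validator refreshed in mid-2022 still trusts the production KSK until the start of 2026, which is the margin that makes out-of-band distribution workable.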