Feb. 15, 2018
12:36 a.m.
On 15 Feb 2018, at 8:35 am, Paul Hoffman <paul.hoffman@icann.org> wrote:
On Feb 14, 2018, at 12:40 PM, Warren Kumari <warren@kumari.net> wrote:
I think that it would be a useful addition to the script to ensure that, when a new KSK is generated, it does not have the same Key ID as any previous KSKs. If is *does* have the same Key ID, it should be discarded and a new one generated.
As someone who has to write tools to deal with ICANN's trust anchors, I give this proposal two thumbs up.
Warren has done well to point this out, and yes, its a small but important aspect of the key generation process g