Oct. 1, 2014
8:20 p.m.
On 1 okt 2014, at 21:45, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
It is my impression that having two (or more) KSK keys long term makes 5011 rollovers a bit less problematic, but I could be misunderstanding some of the subtleties of 5011 when mixed with draft-ietf-dnsop-dnssec-key-timing.
Have two keys, and replacing one with another will keep the response sizes about the same over time (given that the key algorithm and size are the same), but other than that I haven't heard this. Perhaps Mike can clarify? jakob