Tony Finch <dot@dotat.at> wrote:
>> I also want regular rollover, and I'd like it to be frequent enough that it
>> gets tested. I also want it infrequent enough to never be without an anchor.

> Trust anchor lifetime can be decoupled from rollover frequency.
> If keys are generated a few years in advance of going into active use,
> there is plenty of time for them to be disseminated beforehand. They do
> not have to be pre-published in the zone (although that is what RFC 5011
> was designed for); they can be distributed out of band by software updates
> or other means. If there are annual rollovers with keys generated N years
> in advance, at any time there will be N pre-published keys one of which
> might be pre-published in the zone, one active KSK in production, and
> maybe one in retirement.

Yes, I'd like to do that. I'd like N=10, and the roll-over frequency to be yearly.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
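An added illustration, not part of this thread, of the schedule discussed above: keys generated N years ahead of an annual rollover, and what that buys a validator that only learns anchors out of band. The `Ksk` type, the function names and the rule that a retired key is kept for one more period are my assumptions, not anything the thread specifies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ksk:
    generated: int    # year the key is created and starts being distributed out of band
    active_from: int  # first year it is the production KSK
    active_to: int    # first year it is no longer signing

def ksk_schedule(first_active, last_active, n_advance, period=1):
    """Plan one KSK per rollover period, each generated n_advance years
    before it goes into production (the scheme described in the thread)."""
    return [Ksk(y - n_advance, y, y + period)
            for y in range(first_active, last_active + 1, period)]

def state_at(schedule, year):
    """Split the plan as seen in `year` into pre-published, active and retired keys.
    Assumption (mine, not the thread's): a retired key is kept for one more period."""
    pre = [k for k in schedule if k.generated <= year < k.active_from]
    active = [k for k in schedule if k.active_from <= year < k.active_to]
    retired = [k for k in schedule
               if k.active_to <= year < k.active_to + (k.active_to - k.active_from)]
    return {"prepublished": pre, "active": active, "retired": retired}

def years_offline_tolerated(schedule, last_sync_year):
    """A validator last refreshed out of band in `last_sync_year` holds every key
    generated by then. Count how many further years it can stay offline and
    still hold the KSK that is active when it comes back."""
    held = {k for k in schedule if k.generated <= last_sync_year}
    offline = 0
    while True:
        year = last_sync_year + offline + 1
        active = [k for k in schedule if k.active_from <= year < k.active_to]
        if not active or active[0] not in held:
            return offline
        offline += 1

if __name__ == "__main__":
    plan = ksk_schedule(2020, 2060, n_advance=10)   # N=10, yearly rollover
    s = state_at(plan, 2035)
    print(len(s["prepublished"]), "pre-published,", len(s["active"]), "active,",
          len(s["retired"]), "retired")            # 10 pre-published, 1 active, 1 retired
    print("years a validator last synced in 2035 can stay offline:",
          years_offline_tolerated(plan, 2035))     # 10
```

The steady-state count matches the thread's claim (N pre-published, one active, one retiring), and the offline tolerance equals N, which is the property "never without an anchor" depends on.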