Oct. 1, 2014
9:15 p.m.
On 1 okt 2014, at 23:00, Michael StJohns <msj@nthpermutation.com> wrote:
Having two keys - in the trust anchor set - should be the minimum steady state. It means that you can compromise one of them and still recover without needing to do a full trust reboot.
That only makes sense if you maintain and protect the keys separately, something that comes with a considerable cost. We did considering this when the current Root DNSSEC was engineered, and IIRC the cost/benefit analysis did not justify such a scheme. jakob