[lacnog] Fwd: [ksk-rollover] Root zone KSK-2010 is now revoked

Nicolas Antoniello nantoniello at gmail.com
Fri Jan 11 12:15:45 -02 2019


Our messages crossed, Carlos.

;)


On Fri, Jan 11, 2019 at 12:11, Carlos M. Martinez <
carlosm3011 at gmail.com> wrote:

> FYI,
>
> This is the last (or rather the second-to-last :-) ) step in the KSK
> rollover cycle.
>
> Although nobody should depend on this for anything anymore, note that
> the key tag of KSK-2010 changes.
>
> Regards
>
> /Carlos
>
> Forwarded message:
>
> > From: Matt Larson <matt.larson at icann.org>
> > To: ksk-rollover at icann.org
> > Subject: [ksk-rollover] Root zone KSK-2010 is now revoked
> > Date: Fri, 11 Jan 2019 14:02:05 +0000
> >
> > Dear colleagues,
> >
> > A few moments ago, at 1400 UTC today, 11 January 2019, ICANN's root
> > zone management partner, Verisign, published root zone serial number
> > 2019011100 with the RFC 5011 REVOKE bit set. As a result, KSK-2010's
> > key tag has changed from 19036 to 19164. In addition, the root DNSKEY
> > RRset is now signed with two KSKs: the current KSK (KSK-2017) as well
> > as the former KSK (KSK-2010). The second signature is required by RFC
> > 5011 to prove possession of KSK-2010's private key to assert the
> > revocation. This second signature makes the response to a query for
> > the root zone's DNSKEY RRset increase in size from 1414 bytes to 1425
> > bytes.
> >
> > We don't expect any operational issues from this change. The DNSKEY
> > RRset size increase is small, and other zones currently publish
> > considerably larger apex DNSKEY RRsets without apparent issue. In
> > addition, because KSK-2010 has not been used for signing since the
> > root KSK rollover to KSK-2017 on 11 October 2018, no DNSSEC validators
> > that are currently validating correctly can be depending on it.
> >
> > Nevertheless, please let us know if you suspect any issues or have any
> > questions.
> >
> > For the root zone management partners,
> >
> > Matt
> > --
> > Matt Larson, VP of Research
> > ICANN Office of the CTO
> > matt.larson at icann.org
> >
>
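
Added example (not part of the original messages): the key tag is a checksum over the whole DNSKEY RDATA, flags included (RFC 4034 Appendix B), so setting the REVOKE bit (0x0080) on an unchanged key normally shifts the tag by exactly 128, which matches the announced change from 19036 to 19164. The key bytes below are constructed for illustration and are not the real KSK-2010; the function names are hypothetical.

```python
import struct

REVOKE = 0x0080     # RFC 5011 REVOKE bit in the DNSKEY flags field
KSK_FLAGS = 0x0101  # 257: Zone Key + SEP, the usual KSK flags

# Constructed public-key bytes for illustration; NOT the real root KSK-2010.
SAMPLE_KEY = bytes(range(256))


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """Build DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (algorithms other than 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high byte of each 16-bit word, odd the low byte.
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def tags_before_and_after_revoke(public_key, algorithm=8):
    """Return (tag, tag_with_REVOKE) for the same key material."""
    before = key_tag(dnskey_rdata(KSK_FLAGS, 3, algorithm, public_key))
    after = key_tag(dnskey_rdata(KSK_FLAGS | REVOKE, 3, algorithm, public_key))
    return before, after


if __name__ == "__main__":
    before, after = tags_before_and_after_revoke(SAMPLE_KEY)
    print(f"flags 257 -> tag {before}; flags 385 -> tag {after}")
    # Same shift as in the announcement: 19164 - 19036 == 128 == REVOKE
    print("announced tags differ by", 19164 - 19036)
```

Tooling that identifies a trust anchor or a monitored key only by its key tag will treat the revoked key as a different key, so compare the public key material as well.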