Lucas/env
1
0
Fork 0
Code Issues Pull requests Releases Activity

Update ZSK rotation instructions

Browse source
This commit is contained in:
Lucas 2020-12-27 15:47:54 +00:00
parent 0ffa5a95e4
commit 4155ad9324
No known key found for this signature in database
GPG key ID: 5DBF6E3FFBF257DD
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
procedures/key-rotation.txt
View file

@ -15,9 +15,10 @@ Assumes:
3. Sign DNSKEY RRs with KSK
4. Sign rest of the zone with ZSK_c
5. Publish signed zones, which includes:
- DNSKEY RRs for ZSK_c and ZSK_n signed by KSK
- DNSKEY RRs for ZSK_p, ZSK_c and ZSK_n signed by KSK
- Every other RR signed by ZSK_c
- Does not include ZSK_p DNSKEY RR nor any RRSIG signed by ZSK_p
- Does not include any RRSIG signed by ZSK_p
6. After cache expires, delete ZSK_p DNSKEY RR.
NSEC3PARAM
----------