Update ZSK rotation instructions

Lucas 2020-12-27 15:47:54 +00:00
parent 0ffa5a95e4
commit 4155ad9324
No known key found for this signature in database
GPG Key ID: 5DBF6E3FFBF257DD

@ -15,9 +15,10 @@ Assumes:
3. Sign DNSKEY RRs with KSK 3. Sign DNSKEY RRs with KSK
4. Sign rest of the zone with ZSK_c 4. Sign rest of the zone with ZSK_c
5. Publish signed zones, which includes: 5. Publish signed zones, which includes:
- DNSKEY RRs for ZSK_c and ZSK_n signed by KSK - DNSKEY RRs for ZSK_p, ZSK_c and ZSK_n signed by KSK
- Every other RR signed by ZSK_c - Every other RR signed by ZSK_c
- Does not include ZSK_p DNSKEY RR nor any RRSIG signed by ZSK_p - Does not include any RRSIG signed by ZSK_p
6. After cache expires, delete ZSK_p DNSKEY RR.
NSEC3PARAM NSEC3PARAM
---------- ----------
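
Review bot: the new step 6 ("After cache expires, delete ZSK_p DNSKEY RR.") does not say which cache or how long to wait. Since step 5 already stops publishing RRSIGs made with ZSK_p, the wait that matters is for those old signatures to age out of resolver caches, so the step should name the interval, for example the largest TTL in the zone counted from the moment the step 5 zone is served by all authoritative servers. The step should also state that removing the ZSK_p DNSKEY RR changes the DNSKEY RRset, which then has to be re-signed with the KSK (as in step 3) and republished. A validator that still holds a cached RRSIG from ZSK_p after the key is gone cannot validate that record, so it is worth being explicit here.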