nanog mailing list archives
Re: fyi-- [dns-operations] early key rollover for dlv.isc.org
From: Paul Vixie <vixie () vix com>
Date: 21 Sep 2006 17:01:45 +0000
paul () vix com (Paul Vixie) writes:
EARLY KEY ROLLOVER --- In light of the recently announced OpenSSL security advisory: RSA Signature Forgery (CVE-2006-4339), ISC has instigated an early rollover of the DLV Key Signing Key (KSK). ISC reccomends reconfiguration of resolvers to use the DLV KSK published on September 21, 2006. The old KSK will be retired on September 29, 2006. --- see http://www.isc.org/ops/dlv/ for details, and note that there's now a dlv-announce@ mailing list where folks can subscribe to learn about changes to the dlv trust anchor. _______________________________________________ dns-operations mailing list dns-operations () lists oarci net http://lists.oarci.net/mailman/listinfo/dns-operations
LarrySheldon () cox net ("Laurence F. Sheldon, Jr.") writes:
My mail reader can sanitize HTML mail for me, but it was stymied by this one. What is it?
included as above in even plainer text. my mail user-agent is emacs/mh-e, and i as far as i know it could not generate or consume HTML mail even if i tried. smb () cs columbia edu ("Steven M. Bellovin") wrote:
Paul, what exponent does the new key use? (I clicked on the public key link, but I can't decode the base64 that easily...)
it was made with bind9's "dnssec-keygen" utility, using the -e option, so... -e use large exponent (RSAMD5/RSASHA1 only) ...hopefully it's a good exponent. (every few years someone tries to explain to me what a key exponent is, i think you steve have tried, but it just doesn't stick.) -- ISC Training! October 16-20, 2006, in the San Francisco Bay Area, covering topics from DNS to DHCP. Email training () isc org. -- Paul Vixie
Current thread:
- fyi-- [dns-operations] early key rollover for dlv.isc.org Paul Vixie (Sep 21)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Steven M. Bellovin (Sep 21)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Alexander Gall (Sep 22)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Laurence F. Sheldon, Jr. (Sep 21)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Paul Vixie (Sep 21)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Steven M. Bellovin (Sep 21)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Joseph S D Yao (Sep 22)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Steven M. Bellovin (Sep 22)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Steven M. Bellovin (Sep 21)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Steven M. Bellovin (Sep 21)
- <Possible follow-ups>
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Fergie (Sep 22)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Joseph S D Yao (Sep 22)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Gregory Hicks (Sep 22)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Steven M. Bellovin (Sep 25)
- Re: fyi-- [dns-operations] early key rollover for dlv.isc.org Fergie (Sep 22)