North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: fyi-- [dns-operations] early key rollover for dlv.isc.org
[email protected] (Paul Vixie) writes: > EARLY KEY ROLLOVER > > --- > > In light of the recently announced OpenSSL security advisory: RSA Signature > Forgery (CVE-2006-4339), ISC has instigated an early rollover of the DLV Key > Signing Key (KSK). ISC reccomends reconfiguration of resolvers to use the DLV > KSK published on September 21, 2006. > > The old KSK will be retired on September 29, 2006. > > --- > > see http://www.isc.org/ops/dlv/ for details, and note that there's now a > [email protected] mailing list where folks can subscribe to learn about changes > to the dlv trust anchor. > _______________________________________________ > dns-operations mailing list > [email protected] > http://lists.oarci.net/mailman/listinfo/dns-operations [email protected] ("Laurence F. Sheldon, Jr.") writes: > My mail reader can sanitize HTML mail for me, but it was stymied by this > one. What is it? included as above in even plainer text. my mail user-agent is emacs/mh-e, and i as far as i know it could not generate or consume HTML mail even if i tried. [email protected] ("Steven M. Bellovin") wrote: > Paul, what exponent does the new key use? (I clicked on the public key > link, but I can't decode the base64 that easily...) it was made with bind9's "dnssec-keygen" utility, using the -e option, so... -e use large exponent (RSAMD5/RSASHA1 only) ...hopefully it's a good exponent. (every few years someone tries to explain to me what a key exponent is, i think you steve have tried, but it just doesn't stick.) -- ISC Training! October 16-20, 2006, in the San Francisco Bay Area, covering topics from DNS to DHCP. Email [email protected] -- Paul Vixie
|