[92452] in North American Network Operators' Group
fyi-- [dns-operations] early key rollover for dlv.isc.org
daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Sep 21 12:33:30 2006
From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
Date: Thu, 21 Sep 2006 16:32:36 +0000
Errors-To: owner-nanog@merit.edu
--=-=-=
fyi:
--=-=-=
Content-Type: message/rfc822
Content-Disposition: attachment; filename=3599
Content-Description: forwarded message
Return-Path: <dns-operations-bounces@lists.oarci.net>
X-Original-To: paul@vix.com
Delivered-To: vixie@sa.vix.com
Received: from in2.oarc.isc.org (mail.oarc.isc.org [IPv6:2001:4f8:0:2::43])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client did not present a certificate)
by sa.vix.com (Postfix) with ESMTP id 7364211425
for <paul@vix.com>; Thu, 21 Sep 2006 16:31:02 +0000 (UTC)
(envelope-from dns-operations-bounces@lists.oarci.net)
Received: from in2.oarc.isc.org (localhost.oarc.isc.org [IPv6:::1])
by in2.oarc.isc.org (Postfix) with ESMTP id 32FB02E023;
Thu, 21 Sep 2006 16:31:01 +0000 (UTC)
(envelope-from dns-operations-bounces@lists.oarci.net)
X-Original-To: dns-operations@lists.oarci.net
Delivered-To: dns-operations@oarc.isc.org
Received: from sa.vix.com (sa.vix.com [IPv6:2001:4f8:3:bb::1])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client did not present a certificate)
by in2.oarc.isc.org (Postfix) with ESMTP id D1A6A2E01F
for <dns-operations@lists.oarci.net>;
Thu, 21 Sep 2006 16:17:09 +0000 (UTC) (envelope-from vixie@vix.com)
Received: from sa.vix.com (localhost [127.0.0.1])
by sa.vix.com (Postfix) with ESMTP id 8C5C911438
for <dns-operations@lists.oarci.net>;
Thu, 21 Sep 2006 16:17:09 +0000 (UTC)
(envelope-from vixie@sa.vix.com)
From: Paul Vixie <paul@vix.com>
To: dns-operations@lists.oarci.net
X-Mailer: MH-E 8.0.2; nmh 1.0.4; GNU Emacs 21.3.1
Date: Thu, 21 Sep 2006 16:17:09 +0000
Message-ID: <8394.1158855429@sa.vix.com>
Subject: [dns-operations] early key rollover for dlv.isc.org
X-BeenThere: dns-operations@lists.oarci.net
X-Mailman-Version: 2.1.7
Precedence: list
List-Id: DNS Operations <dns-operations.lists.oarci.net>
List-Unsubscribe: <http://lists.oarci.net/mailman/listinfo/dns-operations>,
<mailto:dns-operations-request@lists.oarci.net?subject=unsubscribe>
List-Archive: <http://lists.oarci.net/pipermail/dns-operations>
List-Post: <mailto:dns-operations@lists.oarci.net>
List-Help: <mailto:dns-operations-request@lists.oarci.net?subject=help>
List-Subscribe: <http://lists.oarci.net/mailman/listinfo/dns-operations>,
<mailto:dns-operations-request@lists.oarci.net?subject=subscribe>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dns-operations-bounces@lists.oarci.net
Errors-To: dns-operations-bounces@lists.oarci.net
EARLY KEY ROLLOVER
---
In light of the recently announced OpenSSL security advisory: RSA Signature
Forgery (CVE-2006-4339), ISC has instigated an early rollover of the DLV Key
Signing Key (KSK). ISC reccomends reconfiguration of resolvers to use the DLV
KSK published on September 21, 2006.
The old KSK will be retired on September 29, 2006.
---
see http://www.isc.org/ops/dlv/ for details, and note that there's now a
dlv-announce@ mailing list where folks can subscribe to learn about changes
to the dlv trust anchor.
_______________________________________________
dns-operations mailing list
dns-operations@lists.oarci.net
http://lists.oarci.net/mailman/listinfo/dns-operations
--=-=-=--
