paul@vix.com (Paul Vixie) writes:
EARLY KEY ROLLOVER
---
In light of the recently announced OpenSSL security advisory: RSA Signature Forgery (CVE-2006-4339), ISC has instigated an early rollover of the DLV Key Signing Key (KSK). ISC reccomends reconfiguration of resolvers to use the DLV KSK published on September 21, 2006.
The old KSK will be retired on September 29, 2006.
---
see http://www.isc.org/ops/dlv/ for details, and note that there's now a dlv-announce@ mailing list where folks can subscribe to learn about changes to the dlv trust anchor. _______________________________________________ dns-operations mailing list dns-operations@lists.oarci.net http://lists.oarci.net/mailman/listinfo/dns-operations
LarrySheldon@cox.net ("Laurence F. Sheldon, Jr.") writes:
My mail reader can sanitize HTML mail for me, but it was stymied by this one. What is it?
included as above in even plainer text. my mail user-agent is emacs/mh-e, and i as far as i know it could not generate or consume HTML mail even if i tried. smb@cs.columbia.edu ("Steven M. Bellovin") wrote:
Paul, what exponent does the new key use? (I clicked on the public key link, but I can't decode the base64 that easily...)
it was made with bind9's "dnssec-keygen" utility, using the -e option, so... -e use large exponent (RSAMD5/RSASHA1 only) ...hopefully it's a good exponent. (every few years someone tries to explain to me what a key exponent is, i think you steve have tried, but it just doesn't stick.) -- ISC Training! October 16-20, 2006, in the San Francisco Bay Area, covering topics from DNS to DHCP. Email training@isc.org. -- Paul Vixie