Hi there, we put a draft together on what to do when losing the private key for signing a zone.
Spoiler: One can still do a key-rollover. Any comments are very welcome. Is this something the WG would be interested in? Thanks, Florian ---------- Forwarded message --------- From: <[email protected]> Date: Sun, 12 Oct 2025 at 12:42 Subject: New Version Notification for draft-fobser-dnsop-dnssec-keyrestore-00.txt To: Florian Obser <[email protected]>, Martin Pels <[email protected]> A new version of Internet-Draft draft-fobser-dnsop-dnssec-keyrestore-00.txt has been successfully submitted by Florian Obser and posted to the IETF repository. Name: draft-fobser-dnsop-dnssec-keyrestore Revision: 00 Title: DNSSEC Key Restore Date: 2025-10-12 Group: Individual Submission Pages: 11 URL: https://www.ietf.org/archive/id/draft-fobser-dnsop-dnssec-keyrestore-00.txt Status: https://datatracker.ietf.org/doc/draft-fobser-dnsop-dnssec-keyrestore/ HTML: https://www.ietf.org/archive/id/draft-fobser-dnsop-dnssec-keyrestore-00.html HTMLized: https://datatracker.ietf.org/doc/html/draft-fobser-dnsop-dnssec-keyrestore Abstract: This document describes the issues surrounding the handling of DNSSEC private keys in a DNSSEC signer. It presents operational guidance in case a DNSSEC private key becoming inoperable. -------------------- End of forwarded message -------------------- -- In my defence, I have been left unsupervised. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
