In the solution space for trust anchor key rollover, there are two
individual Internet drafts:

http://www.ietf.org/internet-drafts/...sdda-rr-01.txt
http://www.ietf.org/internet-drafts/...rem-dns-01.txt

Implementation work has been done, so that updated software tools are
now available (GPL'ed free software). See
http://www.connotech.com/takrem_tool...ndry_02.tar.gz

This update includes a complete solution for DNS zone management
procedures (i.e. trust anchor key management and DNS authoritative
nameserver operations), and an API for TAKREM support in DNSSEC-aware
resolver software.

The software development planning aspects are covered in two documents,
respectively for the server side at
http://www.connotech.com/trustanchfoundry_09.pdf and the client side at
http://www.connotech.com/takrollover_06.pdf.

If the DNSSEC security services are important enough to deserve good
trust anchor key procedures, here they are.

Enjoy!

--

- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, Qc
Canada H2M 2A1

Tel.: (514)385-5691
Fax: (514)385-5900

web site: http://www.connotech.com
e-mail: thierry.moreau@connotech.com



--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: