I am getting confused about the timing of ZSK rollover in Top Level Domain. In the course of ZSK rollover in TLD, all the DS records submitted by child zones will be re-signed and thus the workload is large. Here below is my observation:
com. – 1 weeks
org. – 3 weeks
asia. – 3 weeks
my. – 3 months
th. – 1 week
I can not locate any RFC related to this technical aspect. Intuitively, from a security angle, I incline to think 3 months is too long while 1 week ZSK will introduce heavy workload on the name servers. I tend to think 3 – 4 weeks is the best option.
No comments:
Post a Comment