This document provides a number or "requirements" for key-rollover in a
DNSSEC operational environment.
DNSSEC has been designed in such a way that zone operators can roll
their key-signin key, when those key-signing keys are configured as
trust anchors in remote resolvers those resolvers should automatically
adapt to these changes. This document sets out the requirements that
must be met by a DNS trust-anchor rollover solution for DNSSEC aware
As described in section 1 and 2, this document is intended to capture
the various requirements and use those in making a trade-off between
the various proposals that were available to the group. These
requirements acted as "goals". With the selection of
draft-ietf-dnsext-trustupdate-timers this document has no further
relevance. It is requested to be published as informational.
Working Group Summary
Please see the PROTO statement for significant issues raised by one
member of the WG.
The PROTO statement lists a number of specific reviewers for this