From: Peter Palfrader Date: Sun, 14 Feb 2010 19:59:54 +0000 (+0100) Subject: Tweaks X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-wiki.git;a=commitdiff_plain;h=2b0594d99ca6ce3827ed1ad8c780cb0f23df5173 Tweaks --- diff --git a/input/dsablog/2010/02/Securing_the_Debian_zones.mdwn b/input/dsablog/2010/02/Securing_the_Debian_zones.mdwn index 9cd3524..2e93771 100644 --- a/input/dsablog/2010/02/Securing_the_Debian_zones.mdwn +++ b/input/dsablog/2010/02/Securing_the_Debian_zones.mdwn @@ -50,14 +50,14 @@ on the [debian-infrastructure-announce](http://lists.debian.org/debian-infrastructure-announce/) list until such time that our zones are reachable from a [signed root](http://www.root-dnssec.org/). KSK rollovers for our own -child zones (www.d.o et al), once signed, will not be announced because +child zones (www.d.o et al.), once signed, will not be announced because we can just put proper [DS records](http://en.wikipedia.org/wiki/List_of_DNS_record_types#DS) in the respective parent zone. Until we announce the first set of trust anchors on the mailinglist the keysets present in DNS should not be considered productional. They can -be changed at any time. +be changed at any time, without observing standard rollover practices. See also: