« Reply #5478 on: October 01, 2017, 03:42:09 PM »
I
nternet wide security update on hold:
https://lists.dns-oarc.net/pipermail/dns-operations/2017-September/016766.htmlThere are a number of reasons why systems may not be ready to accept the new KSK key:
An old configuration with the 2010 key written into the code itself.
A failure to implement the RFC 5011 protocol that will automatically update the key.
Flaws or conflicts in software that prevent the automatic rollover from happening, or accepting the change when it does happen.
No matter what the reason, it is an indication of how incredibly difficult it is to update the internet on a network-wide basis. Just look at IPv6.
pol
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!