dnsext-2----Page:8
1 2 3 4 5 6 7 8 9 10 11
|
Example - Deleting a Trust Anchor Assume existing trust anchors 'A' and 'B' and that you want to revoke and delete 'A'. Set the revocation bit on key 'A'. Sign the DNSKEY RRSet with both 'A' and 'B'. 'A' is now revoked. The operator SHOULD include the revoked 'A' in the RRSet for at least the remove hold-down time, but then may remove it from the DNSKEY RRSet. |