On 30 okt 2008, at 10.28, Jakob Schlyter wrote:
I do however believe that changing the holder of the KSK will be complicated, unless a proven automatic key rollover mechanism has been developed, implemented _and_ deployed. so while I wouldn't hold my breath waiting for this to happen, I hope that the initial KSK holder will be stable and that it is possible to transfer the KSK in case the holder needs to be changed.
Fair... Now, we had this bullet: K - Changes to the entities and roles in the signing process must not require a change of keys. Then I thought about changing it to the following: K - Changes to the entities and roles in the signing process should minimize issues related to potential changes in keys when the entities changes. Now, I am a bit confused... :-) Jakob, Ed, others...do you have any suggestion on text? Patrik