Why not just use this key immediately to sign the root zone and then physically destroy the private key?
It's not like TLDs are appearing every day, so all new TLDs additions can be postponed until the next Ceremony.
AlexBesogonov 1 year ago
@AlexBesogonov
Because the signatures made with this (private) key have a certain lifetime which is probably like a few weeks and the key is needed every time to 'refresh' these signatures.
shaflic 1 year ago
Why not just use this key immediately to sign the root zone and then physically destroy the private key?
It's not like TLDs are appearing every day, so all new TLDs additions can be postponed until the next Ceremony.
AlexBesogonov 1 year ago
@AlexBesogonov
Because the signatures made with this (private) key have a certain lifetime which is probably like a few weeks and the key is needed every time to 'refresh' these signatures.
shaflic 1 year ago