On 10/11/2018 12:22, Viktor Dukhovni wrote: > Both irtf.org and ietf.org seem optimized for more DNSSEC signing > key security than is operationally wise > They are DNSSEC-signed roughly once each year, > with correspondingly long RRsigs. Next year; don't forget to increase the serial ;-) -- Marco