[gtld-tech] .DESI to Be Placed in the Emergency Back-end Registry Operator Program

Wes Hardaker wjhns1 at hardakers.net
Fri Oct 20 03:40:12 UTC 2023


Bill Woodcock via gtld-tech <gtld-tech at icann.org> writes:

> My argument is that if something’s worth doing, it’s worth doing well.

"Well" is in the eyes of the user that has to depend on the zone being
functional.  Sometimes operational stability when a roll of any kind is
difficult is more important than ensuring the zone is continually
DNSSEC signed.  You have to consider many parameters, like the length of
time it would be unsigned, the possibility of an attack during that
time, and the likelihood of an operational outage due to a failure
because of some parameter that will cause difficulty in ensuring a
proper roll.

You may recall I even wrote a draft [0] on this subject that actually
had a lot more support for it than I was expecting it to get.

[0]: https://datatracker.ietf.org/doc/draft-hardaker-dnsop-intentionally-temporary-insec/
-- 
Wes Hardaker
USC/ISI

