[gtld-tech] .DESI to Be Placed in the Emergency Back-end Registry Operator Program

[Viktor Dukhovni]

On Thu, Oct 19, 2023 at 08:40:12PM -0700, Wes Hardaker via gtld-tech wrote:

> > My argument is that if something’s worth doing, it’s worth doing well.
> 
> "Well" is in the eyes of the user that has to depend on the zone being
> functional.  Sometimes operational stability when a roll of any kind is
> difficult is more important than ensuring the zone is continually
> dnssec signed.  You have to consider many parameters, like the length of
> time it would be unsigned, the possibility of an attack during that
> time, and the likelihood of an operational outage due to a failure
> because of some parameter that will cause difficulty in ensuring a
> proper roll.
> 
> You may recall I even wrote a draft [0] on this subject that actually
> had a lot more support for it than I was expecting it to get.
> 
> [0]: https://datatracker.ietf.org/doc/draft-hardaker-dnsop-intentionally-temporary-insec/

Indeed, a potential outage during a botched rollover needs to be one of
the transition plan considerations.

But I think there's a case for at least seriously considering, and at
the appropriate opportunity, at least once, practicing, a more graceful
transition in the case of a TLD, some of whose delegated zones could
alternatively be unwitting casualties of DNSSEC being turned off (they
may have operational dependencies on DNSSEC being available).

The question at hand is whether this was a plausible opportunity.
Perhaps not this time, but ideally before an emergency operator change
is required for a more critical TLD???

-- 
    Viktor.