[ksk-rollover] root zone KSK rollover operations workshop planning

Anne-Marie Eklund-Löwinder anne-marie.eklund-lowinder at iis.se
Thu Sep 18 15:49:28 UTC 2014

> -----Ursprungligt meddelande-----
> Från: ksk-rollover-bounces at icann.org [mailto:ksk-rollover-
> bounces at icann.org] För Paul Hoffman
> Skickat: den 18 september 2014 16:30
> Till: ksk-rollover at icann.org
> Ämne: Re: [ksk-rollover] root zone KSK rollover operations workshop planning
> +1
> Given that there is no cryptographic reason to roll the KSK under the current
> policies, it would be good to have a list of the perceived operational reasons to
> roll the KSK. With that, we can come up with a better argument for the
> timeframe.
> --Paul Hoffman

I believe that it is stated in the DPS, but except from that, there is no obvious reason afaik. But, with the experience we have, it is better to do it now rather than until the root zone and the people dependent on the rot key signing key are bigger in numbers. That is one thing that .SE learned when WE were a trust anchor (before the root was signed). You will most certainly need to do it some time, and from my opinion it is better earlier than later.


Anne-Marie Eklund Löwinder
Chief Information Security Officer
.SE (The Internet Infrastructure Foundation)
Direct: +46(8)-452 35 17 | Mobile: +46(73)-43 15 310 
PO Box 7399, SE-103 91 Stockholm, Sweden
Twitter: @amelsec
Visitors: Ringvägen 100

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 182 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20140918/40c8629b/PGP.sig>

More information about the ksk-rollover mailing list