[ksk-rollover] root zone KSK rollover operations workshop planning
Phil Regnauld
regnauld at nsrc.org
Thu Sep 18 16:08:09 UTC 2014
Michael StJohns (msj) writes:
> d) What is the expected impact on security if the KSK is
> compromised, and we have no way of rolling the KSK? (e.g. single KSK
> in root zone). Is there an additional real-world cost to end users
> in this event?
>
> e) Can any of the above be mitigated through a single KSK rollover?
> Through regularly scheduled KSK rollovers?
The operational experience of doing a single e) will surely help
determine d).
Currently, there's an emergency plan (rolling the KSK), and it has
never been tested. That's proof enough we need to do it.
Phil
More information about the ksk-rollover
mailing list