[ksk-rollover] root zone KSK rollover operations workshop planning

Phil Regnauld regnauld at nsrc.org
Thu Sep 18 16:08:09 UTC 2014

Michael StJohns (msj) writes:
> d) What is the expected impact on security if the KSK is
> compromised, and we have no way of rolling the KSK? (e.g. single KSK
> in root zone).  Is there an additional real-world cost to end users
> in this event?
> e) Can any of the above be mitigated through a single KSK rollover?
> Through regularly scheduled KSK rollovers?

	The operational experience of doing a single e) will surely help
	determine d).

	Currently, there's an emergency plan (rolling the KSK), and it has
	never been tested. That's proof enough we need to do it.


More information about the ksk-rollover mailing list