[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

Michael StJohns msj at nthpermutation.com
Sun Sep 21 17:27:28 UTC 2014

On 9/21/2014 11:41 AM, Joe Abley wrote:
> One way that an emergency roll is different from a planned roll is that a planned roll can make use of existing non-compromised KSKs and their corresponding trust anchors, whereas an emergency roll (where the emergency is a consequence of a key compromise) might not have that luxury.

This is probably not the definition the rest of us are using. 
Emergency:  Action taken because a key is compromised.  Planned: Action 
taken because its time to do so.  The state of the key data set is 
orthogonal to whether a key change is planned or emergency, but has a 
substantial affect on the actions taken during the key change.


More information about the ksk-rollover mailing list