[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

David Conrad david.conrad at icann.org
Sun Sep 21 18:37:37 UTC 2014

On Sep 21, 2014, at 10:49 AM, Michael StJohns <msj at nthpermutation.com> wrote:
> Worst case is compromise of all trust anchor keys.  5011 allows you to recover from an N-1 compromise (where you have at least one private key associated with the root trust anchor set that hasn't been compromised).  

This has always been my problem with 5011-based rollovers.

Given the protections specified in the DPS, all the scenarios in which we have to do an emergency key roll seem ridiculously unlikely.  However, I assume we have to be prepared for the worst case scenario. Since 5011 can’t help us with that scenario and emergency key rollovers is a superset of planned rollovers, I’ve been unclear as to the advantage 5011 provides.

And then there is the issue of (likely permanent) lack of universal implementation of 5011...

Am I missing something?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20140921/13df8fee/signature-0001.asc>

More information about the ksk-rollover mailing list