[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)
David Conrad
david.conrad at icann.org
Sun Sep 21 18:37:37 UTC 2014
On Sep 21, 2014, at 10:49 AM, Michael StJohns <msj at nthpermutation.com> wrote:
> Worst case is compromise of all trust anchor keys. 5011 allows you to recover from an N-1 compromise (where you have at least one private key associated with the root trust anchor set that hasn't been compromised).
This has always been my problem with 5011-based rollovers.
Given the protections specified in the DPS, all the scenarios in which we have to do an emergency key roll seem ridiculously unlikely. However, I assume we have to be prepared for the worst case scenario. Since 5011 can’t help us with that scenario and emergency key rollovers are a superset of planned rollovers, I’ve been unclear as to the advantage 5011 provides.
And then there is the issue of (likely permanent) lack of universal implementation of 5011...
Am I missing something?
Regards,
-drc