[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

Paul Hoffman paul.hoffman at vpnc.org
Sun Sep 21 19:17:02 UTC 2014

On Sep 21, 2014, at 8:41 AM, Joe Abley <jabley at hopcount.ca> wrote:

> One way that an emergency roll is different from a planned roll is that a planned roll can make use of existing non-compromised KSKs and their corresponding trust anchors, whereas an emergency roll (where the emergency is a consequence of a key compromise) might not have that luxury.

Just a placeholder here, but one that some people care about:

A planned rollover could turn into an emergency rollover during the ceremony if it is discovered that the signing hardware for the current key (or all the current keys, if there are more than one) cannot be used.

You can't tell if signing hardware that is not being used (because it purposely offline, maybe in a safe) will be usable until you try.

--Paul Hoffman

More information about the ksk-rollover mailing list