[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

[David Conrad]

On Sep 22, 2014, at 8:50 AM, S Moonesamy <sm+icann at elandsys.com> wrote:
> Based on publicly available information there is physical access every six months per KMF.  I suggested to IKOS to have any planned key roll-over within that event.  That is to avoid any additional physical access [1].

Sounds reasonable. Of course, if there are multiple keys, it may mean additional KMFs are necessary which means the current physical access strategy may not be applicable.

> Nobody will want to authorize an emergency roll-over as (a) and (b) will weigh heavily against doing that.

It isn’t a question of want. You are assuming there is an option to not authorize an emergency key roll?  

> I am personally aware of (c).  I have never viewed the time as an issue; I am there to perform a task and I would like to see it done correctly.

Thank you (sincerely) for your efforts.  However, I’ve been told by several people that it is becoming increasingly challenging to get sufficient TCRs to show up for key ceremonies.

> I agree that it is likely that rolling a key (d) will break things.  The discussions (not on this mailing list) about that have been about how much will break and who will be affected.

I believe topics like what will break, who it will affect, and mitigation/recovery strategies would be useful topics for the workshop.

Regards,
-drc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20140922/047c6be8/signature-0001.asc>