[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

S Moonesamy sm+icann at elandsys.com
Mon Sep 22 23:11:44 UTC 2014

Hi Tomofumi,
At 11:40 22-09-2014, Tomofumi Okubo wrote:
>I like the idea of assessing the risks of doing the KSK rollover.
>Do you think it will help to facilitate this discussion if we perform
>a high-level risk assessment for the KSK rollover in this group so we
>can form a rough consensus around what exactly the risks are and how
>they should be treated?

I suggest getting rough consensus on the interpretation of the 
following sentence:

   "Each RZ KSK will be scheduled to be rolled over through a key
    ceremony as required, or after 5 years of operation."

The reason I chose that sentence is because a discussion of a 
high-level risk assessment (ICANN document) for the KSK roll-over 
might not be that productive as a first step.

>Risks could actually be dealt in four ways; mitigate, accept, transfer
>or avoid. Avoiding (not doing it) is one way but not the only way.


>Also, I'd like to stress that we are not just talking about present
>but the future. The day the algorithm (or key length) is going be
>obsolete is coming no matter what. Sometimes, not taking precaution
>could be seen as lack of due diligence. I believe if we don't take
>action now, the issue is going to get bigger in the future.


S. Moonesamy  

More information about the ksk-rollover mailing list