[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)
S Moonesamy
sm+icann at elandsys.com
Mon Sep 22 23:11:44 UTC 2014
Hi Tomofumi,
At 11:40 22-09-2014, Tomofumi Okubo wrote:
>I like the idea of assessing the risks of doing the KSK rollover.
>
>Do you think it will help to facilitate this discussion if we perform
>a high-level risk assessment for the KSK rollover in this group so we
>can form a rough consensus around what exactly the risks are and how
>they should be treated?
I suggest getting rough consensus on the interpretation of the
following sentence:
"Each RZ KSK will be scheduled to be rolled over through a key
ceremony as required, or after 5 years of operation."
The reason I chose that sentence is because a discussion of a
high-level risk assessment (ICANN document) for the KSK roll-over
might not be that productive as a first step.
>Risks could actually be dealt in four ways; mitigate, accept, transfer
>or avoid. Avoiding (not doing it) is one way but not the only way.
Agreed.
>Also, I'd like to stress that we are not just talking about present
>but the future. The day the algorithm (or key length) is going be
>obsolete is coming no matter what. Sometimes, not taking precaution
>could be seen as lack of due diligence. I believe if we don't take
>action now, the issue is going to get bigger in the future.
Agreed.
Regards,
S. Moonesamy
More information about the ksk-rollover
mailing list