[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

manning bill bmanning at isi.edu
Mon Sep 22 23:40:13 UTC 2014


at one point in early discussions, there was a suggestion that the signature validity period expire in 2040,
after the unix epoch.   the thinking was, the # of conversions that would need to be done then would make it
an ideal time to also roll the keys.

and in some alternate universe, that might make lots of sense.

RFC 5011 does make certain presumptions.  The nature of what it means to be connected and what, if any,
field upgrade capability exists have changed.  So will you acknowledge O’Dell’s law or not?  Will those of you who
have a dog in this fight want regular existence proof that the backup plans work or not?  (The data center analogy of
regularly testing the backup generators comes to mind.)

Mike has drilled down on a very good point re emergency rollover.   

/bill
PO Box 12317
Marina del Rey, CA 90295
310.322.8102

On 22September2014Monday, at 15:48, Tomofumi Okubo <tomofumi.okubo at gmail.com> wrote:

> Hello David,
> 
> On Mon, Sep 22, 2014 at 3:04 PM, David Conrad <david.conrad at icann.org> wrote:
> 
>> Perhaps there is some confusion: is anyone actually suggesting we don’t do key rollovers?
> 
> I had an impression that some people are not too enthusiastic about
> it. I'm sorry if I misread it.
> 
>> I certainly am not (if there is any doubt).
> 
> No doubt there.
> 
>> I am trying to draw assumptions and implications out so we can discuss them more fully, with some vague hope of reaching consensus.
> 
> Sounds good to me.
> 
> Thanks,
> Tomofumi
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover


