[ksk-change] Helping the panel name the reasons for the KSK rollover
richard.lamb at icann.org
Mon Feb 23 16:40:46 UTC 2015
Both ZSK and KSK DPSs were written and cleared by all the root zone
management partners design team (VRSN, ICANN, NTIA) so I believe DPSs and
requirements documents are consistent with each other.
That was my understanding...we would roll but when was up for discussion.
Do you see a contradiction?
Happy to hear what others think. I am not the best at details like
From: ksk-rollover-bounces at icann.org [mailto:ksk-rollover-bounces at icann.org]
On Behalf Of Paul Hoffman
Sent: Monday, February 23, 2015 5:30 PM
To: Ashley Heineman
Cc: ksk-rollover at icann.org
Subject: Re: [ksk-change] Helping the panel name the reasons for the KSK
On Feb 23, 2015, at 8:11 AM, Ashley Heineman <AHeineman at ntia.doc.gov> wrote:
> Just want to point out that "scheduled rollover of the KSK" was an
> original basic requirement when DNSSEC was implemented at the root.
> Specifically (as referenced in the baseline requirements, with the footnote
> "c) Root Zone KSK Rollover
> i) Scheduled rollover of the RZ KSK shall be performed.12
> 12 The Department envisions the timeline for scheduled rollover of the
> RZ KSK to be jointly developed and proposed by ICANN and VeriSign,
> based on consultation and input from the affected parties (e.g. root
> server operators, large-scale resolver operators, etc). Note that
> subsequent test plans may specify more or less frequent RZ KSK rollover to
> ensure adequate testing."
Is that subsumed by "DPS statement -- Section 6.5 of the DPS for the root
zone says that the KSK will be rolled over after five years of operation,
and that time has already passed.", or do you consider the contents of that
footnote a separate issue?