[ksk-rollover] Current status of KSK-RollOver?

Thu Aug 23 13:44:55 UTC 2018

On Aug 16, 2018, at 4:39 AM, Rene 'Renne' Bartsch, B.Sc. Informatics via ksk-rollover <ksk-rollover at icann.org<mailto:ksk-rollover at icann.org>> wrote:

how are the chances to make the 10/11/2018 for the Root Zone KSK Rollover?

The ICANN staff on the root KSK roll project are working to provide the Board with appropriate information so they can make an informed decision. As for the chances of the rollover proceeding on schedule, it would be inappropriate for us to predict the ICANN Board's actions.

On Aug 23, 2018, at 7:12 AM, Chris Thompson <cet1 at cam.ac.uk<mailto:cet1 at cam.ac.uk>> wrote:

On Aug 16 2018, Rene 'Renne' Bartsch asked:

how are the chances to make the 10/11/2018 for the Root Zone KSK Rollover?

and I suppose we can take the ICANN documents referenced in Paul's Hoffman's
post today as part of an answer to that.
Also the latest "Call for Participation" in ICANN 63 (20-25 October) includes
this nugget:

| 2. Post KSK Rollover
| Following the Root Key Rollover, we would like to bring together a panel of
| people who can talk about lessons learned from this KSK Rollover and lessons
| learned for the next time

which sounds almost hubristically confident. No mention of "or alternatively,
we will talk about why we had to back off yet again".

I think our optimistic position for ICANN63 planning purposes is reasonable and I would not characterize it as "hubristically confident" (though I'm going to remember that expression and use it some day!). Certainly if the KSK roll is postponed, that would change the content of post-11 October meetings.

One thing mentioned in
https://www.icann.org/news/blog/minimal-user-impact-expected-from-root-zone-key-signing-key-ksk-rollover
from 18 July was

| Looking forward, the ICANN org will soon reach out to the 1,000 Internet
| Service Providers (ISPs) with the most active resolver traffic that suggests
| DNSSEC validation has been enabled in order to ensure they aware that the
| root KSK roll will occur on 11 October 2018. Those ISPs will also be surveyed
| on their preparation plans for the rollover, which may cause those resolver
| operators to become more aware of the KSK rollover.

It would certainly be interesting if ICANN could tell us how well that project
is going, confidentiality permitting.

We kicked off this survey last Tuesday (21 August), when we sent ~4000 email messages to the contacts listed in the RIR databases for 2552 ASNs. These networks represent traffic from DNSSEC-aware recursive resolvers that serve 99.5% of the end-user device IPs in APNIC's Google Ad-based data set. (Thanks to Geoff Huston at APNIC for his help here!). Our threshold for backing out of the KSK rollover is a negative impact affecting 0.5% of Internet users, hence our messages to networks responsible for serving 99.5%. This seemed as good of a place as any to make the cutoff decision for whom to survey. The emails we sent serve both as a notification of the rollover and a request to take a survey to assess readiness for the rollover. The survey will run for two weeks, completing just in time to provide the results to the Board to aid in their decision-making process about proceeding with the rollover.

Matt
--
Matt Larson, VP of Research
ICANN Office of the CTO

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20180823/3568a0e4/attachment.html>