[ksk-rollover] Graph showing latest RFC8145 data

Matt Larson matt.larson at icann.org
Thu Feb 8 15:15:15 UTC 2018

Dear colleagues,

In the Plan for Continuing the Root KSK Rollover, <https://www.icann.org/en/system/files/files/plan-continuing-root-ksk-rollover-01feb18-en.pdf> we wrote:

ICANN org will publish monthly snapshots of the RFC 8145 trust anchor report data that we receive from several root servers.

Our plan is to make daily updating graphs available on a web page Real Soon Now. In the meantime, I wanted to share the latest graph of RFC8145 trust anchor report data. We're receiving data from nine root letters (A, B, C, D, F, J, K, L and M), though the list of letters contributing has grown over time:

B, D and F from 2017-09-01
A/J added on 2017-12-22
H added on 2018-01-03
C added on 2018-01-04
L and M added on 2018-01-10

(Thank you very much to those root operators for contributing the data!)

Presumably these additions over time account for some of the jumps in the graph, but we've not (yet) made an extensive study of that. However, we do not believe the largest increase is attributable to more root letters contributing data: the recent increases are presumably due to the release of Unbound 1.6.8 on 19 January 2018, which is a bug fix for CVE-2017-15105 (a vulnerability in the processing of wildcard synthesized NSEC records). While trust anchor signaling has been on by default in Unbound since version 1.6.7, the need to address the vulnerability has prompted a more rapid upgrade to 1.6.8 and a corresponding increase in trust anchor reports.

Burying the lede, you'll note the significant increase in the percentage of sources reporting only KSK-2010. We haven't investigated that yet, either, but we certainly will.
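
The "percentage of sources reporting only KSK-2010" figure discussed in the message can be derived from RFC 8145 key tag queries as in the following added example, which is not part of the original message and is not ICANN's tooling. It assumes the input is (source address, query name) pairs, that a source is classified by the union of key tags it reported, and the well-known root KSK key tags 19036 (KSK-2010) and 20326 (KSK-2017); all function names are hypothetical.

```python
import re
from collections import defaultdict

# Root KSK key tags (well-known values, not taken from the message).
KSK_2010 = 19036  # 0x4a5c
KSK_2017 = 20326  # 0x4f66

# RFC 8145 key tag query label: "_ta-" then 4-hex-digit key tags joined by "-".
_TA_LABEL = re.compile(r"_ta-([0-9a-f]{4}(?:-[0-9a-f]{4})*)", re.IGNORECASE)

def parse_key_tags(qname):
    """Key tags signalled for the root zone by qname, or None if not a root report."""
    labels = qname.rstrip(".").split(".")
    if len(labels) != 1:  # "_ta-4a5c.example.com." reports on another zone
        return None
    match = _TA_LABEL.fullmatch(labels[0])
    if match is None:
        return None
    return {int(tag, 16) for tag in match.group(1).split("-")}

def summarize(records):
    """Classify each source by the union of key tags it reported (an assumption)."""
    seen = defaultdict(set)
    for source, qname in records:
        tags = parse_key_tags(qname)
        if tags is not None:
            seen[source] |= tags
    counts = {"ksk2010_only": 0, "ksk2017_only": 0, "both": 0, "other": 0}
    for tags in seen.values():
        has_2010, has_2017 = KSK_2010 in tags, KSK_2017 in tags
        if has_2010 and has_2017:
            counts["both"] += 1
        elif has_2010:
            counts["ksk2010_only"] += 1
        elif has_2017:
            counts["ksk2017_only"] += 1
        else:
            counts["other"] += 1
    return counts

def percent_2010_only(counts):
    """Share of reporting sources that signalled KSK-2010 but not KSK-2017."""
    total = sum(counts.values())
    return 100.0 * counts["ksk2010_only"] / total if total else 0.0

# Constructed sample (documentation address ranges), not real report data.
SAMPLE = [("192.0.2.1", "_ta-4a5c."), ("192.0.2.2", "_ta-4a5c-4f66."),
          ("192.0.2.2", "_ta-4a5c-4f66."), ("198.51.100.7", "_ta-4A5C."),
          ("198.51.100.9", "_ta-4f66."), ("2001:db8::53", "www.example.com."),
          ("192.0.2.5", "_ta-4a5c.example.com."), ("192.0.2.6", "_ta-zzzz.")]
```

A source address can hide several resolvers behind a forwarder or NAT, so a per-source union can undercount KSK-2010-only validators.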


