[ksk-rollover] Starting discussion on acceptable criteria for proceeding with the root KSK roll

Jacques Latour Jacques.Latour at cira.ca
Thu Jan 4 23:41:00 UTC 2018

Could not have said it better. In my opinion, the uncertainty is what is eroding the trust in DNSSEC as a technology. The sooner we get over this hurdle the better we are. I’m in the camp that DNSSEC is a viable technology, and we made an error in not rolling the key sooner and we need to acknowledge in advance there will be some collateral damage ‘for people not running up to date stuff’ but it’s inevitable to bring this technology to maturity. If we don’t take this risk, might as well turn it off because people won’t trust it. Going from pulse to dial tone telephone, going from analog to digital TV, all had their share of collateral damage. Perfection is not an option, I think we’re ready, let’s do it!

All that to say, and I’m playing devil’s advocate here, at some point we do need to bite the bullet and do the rollover, because to keep postponing it is yet another signal that DNSSEC is not production ready.

