[ksk-rollover] Starting discussion on acceptable criteria for proceeding with the root KSK roll

Carlos Marcelo Martinez Cagnazzo carlosm3011 at gmail.com
Thu Jan 4 23:45:31 UTC 2018

I fully, fully agree with Jacques and others. This needs to be over soon.

via Newton Mail [https://cloudmagic.com/k/d/mailapp?ct=pi&cv=9.8.139&pv=11.2.1&source=email_footer_2]
On Thu, Jan 4, 2018 at 8:41 PM, Jacques Latour <Jacques.Latour at cira.ca> wrote:
Could not of said it better. In my opinion, the uncertainty is what is eroding the trust in DNSSEC as a technology. The sooner we get over this hurdle the better we are. I’m on the camp that DNSSEC is a viable technology, and we made an error in not rolling the key sooner and we need to acknowledge in advance there will be some collateral damage ‘for people not running up to date stuff’ but it’s inevitable to bring this technology to maturity. If we don’t take this risk, might as well turn it off because people won’t trust it. Going from pulse to dial tone telephone, going from analog to digital TV, all had its share of collateral damage. Perfection is not an option, I think we’re ready, let’s do it!

All that to say, and I’m playing devils advocate here, at some point we do need to bite the bullet and do the rollover, because to keep postponing it is yet another signal that DNSSEC is not production ready.


_______________________________________________ ksk-rollover mailing list ksk-rollover at icann.org https://mm.icann.org/mailman/listinfo/ksk-rollover
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20180104/478bf761/attachment-0001.html>

More information about the ksk-rollover mailing list