[ksk-rollover] Starting discussion on acceptable criteria for proceeding with the root KSK roll

David Conrad david.conrad at icann.org
Fri Jan 5 18:42:30 UTC 2018


Doug,

On January 4, 2018 at 11:50:02 PM, Doug Barton (dougb at dougbarton.email) wrote:
> Since a little before September when the 8145 data started rolling in
> all I've heard discussed is the risk to the deployed base if we do the
> roll and their stuff breaks. But there is another, arguably greater risk
> that is not being discussed, what happens if we get ourselves into a
> position where we are forced to do an emergency roll? (The common
> scenarios for that are key compromise, which is very unlikely but not
> impossible, and alg failure.)

If the key gets lost or compromised, my understanding is that we cannot use RFC 5011 to do the roll and must fall back to doing an out-of-band key rollover. We aren’t really exercising this under this iteration of the community defined KSK rollover plan.

> There are only two conditions that can be true at this point:
> […]
> If #1 is true we should do the roll ASAP […]
> If #2 is true we should do the roll ASAP […]

As I’ve noted previously, this would appear to argue that SAC-063 rec#3 should not have been made and that the amount of “breakage” is irrelevant. It would be nice if SSAC were to weigh in on this.

Regards,

-drc
