[ksk-rollover] [Ext] Re: Starting discussion on acceptable criteria for proceeding with the root KSK roll

Stephane Bortzmeyer bortzmeyer at nic.fr
Sat Jan 6 20:46:20 UTC 2018

On Fri, Jan 05, 2018 at 10:40:36AM +0100,
 Petr Špaček <petr.spacek at nic.cz> wrote 
 a message of 78 lines which said:

> In my opinion, the important metric is *derivative* of:
> # of users behind KSK-2017 capable resolver
> vs.
> # of users behind KSK-2010 only resolver

Even if it were the right metric (I disagree, see later), what is the
point of a metric we cannot measure? Let's face it: with the root key
rollover problems, like almost all the real and important problems of
mankind, we won't have perfect data. Waiting for data is wise,
expecting to have perfect data is just procrastination.

> This leads me to conclusion that we do not have and most likely will
> not have relevant data anyway, so it is pointless to postpone the
> roll any further. Please will fix their stuff when it breaks.

So we agree.

Let me add that the # of users behind a broken resolver is not the
best metric: some amount of breakage is unavoidable, the real problem
is how long will it take to fix it. If the guy in charge of the
resolver screams "[Expletive deleted], I forgot to change the key,
let's change the resolver to a non-DNSSEC one, go to IANA Web site,
download the key, install it and switch the resolver again", this is
not a big deal: there are always micro-breakages somewhere on the
Internet. So, the important metric to me is # of users behind a
resolver which is both broken and unmanaged (or managed by clueless

Both metrics being non-measurable, I think they only have a
theoretical interest.

More information about the ksk-rollover mailing list