[ksk-rollover] [Ext] Re: Starting discussion on acceptable criteria for proceeding with the root KSK roll

David Conrad david.conrad at icann.org
Sun Jan 7 17:53:57 UTC 2018


On January 6, 2018 at 12:28:31 PM, Stephane Bortzmeyer (bortzmeyer at nic.fr<mailto:bortzmeyer at nic.fr>) wrote:
> Just to level set and argue the extreme, if we had data that
> suggested that 100% of validating resolvers would fail, would you
> personally pull the trigger that causes the KSK rollover?

If there were this data, no, because it would mean there is a general
problem, may be a broken protocol that the IETF would need to fix. But
we are not at 100 %, we now that key rollover can work, just not for

Right. What if that number was 75%? Or 50%? The data we have says that the part of everyone for which the roll isn’t going to work is the number of users sitting behind around 8% of 8145-reporting resolvers. Is that low enough? Is it even a useful measure?

100 % failure is an easy case to handle: it means there is clearly a
problem, and which does not reside in the ordinary sysadmin. But we
are not in the easy case.

Yes. Which is why we’re looking for input on how to move forward.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20180107/c45d6262/attachment.html>

More information about the ksk-rollover mailing list