[ksk-rollover] [Ext] Re: Starting discussion on acceptable criteria for proceeding with the root KSK roll

David Conrad david.conrad at icann.org
Sun Jan 7 18:30:15 UTC 2018


On January 6, 2018 at 12:48:15 PM, Stephane Bortzmeyer (bortzmeyer at nic.fr<mailto:bortzmeyer at nic.fr>) wrote:
Waiting for data is wise, expecting to have perfect data is just procrastination.

Strawman: no one is suggesting we are expecting perfect data.

Let me add that the # of users behind a broken resolver is not the
best metric: some amount of breakage is unavoidable, the real problem
is how long will it take to fix it.

While I’d agree time to repair is important, I personally think the worrisome part is what happens when previously working resolvers spontaneously stop working until there is manual intervention. I assume the MTTR will be quite low: it isn’t that hard to turn off DNSSEC validation (as a first step to stop the screaming). The unpleasant scenario is where someone has gone to great lengths to  do the right thing and have (someone else set up) a resilient, redundant validating resolver infrastructure supporting some mission critical application and, because they didn’t know to update the KSK, have that resolver infrastructure simply fall over.

And yes, this is also unmeasurable.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20180107/068ea767/attachment.html>

More information about the ksk-rollover mailing list