[ksk-rollover] Starting discussion on acceptable criteria for proceeding with the root KSK roll

Petr Špaček petr.spacek at nic.cz
Wed Jan 10 13:33:38 UTC 2018

On 5.1.2018 23:12, David Conrad wrote:
> On January 5, 2018 at 2:06:10 AM, S Moonesamy (sm+icann at elandsys.com
> <mailto:sm+icann at elandsys.com>) wrote:
>> The plan was put on hold because of the 
>> data from September 2017. At the moment it is 
>> unknown if/when there will be a KSK roll. Is not 
>> doing a KSK roll by 2020 [1] a viable option? 
> Speaking personally, I’m hoping we can do the rollover long before 2020.
> The key is for the community to provide some sort of guidance to the
> ICANN Org about how to move forward. So far, my impression is that to
> date, most of the input from this mailing list has been “do it now”,
> implying we do NOT need to assess "the impact on users” (as mentioned
> in https://www.icann.org/news/blog/update-on-the-root-ksk-rollover-project).
> This means that the plan that will be published on 31 January for public
> comment will say the input we have received suggests the majority of
> contributors do not believe we need to take potential negative impact of
> the KSK rollover into account.

I think this is misunderstanding. I haven't seen anyone saying that "we
[do not] need to take potential negative impact of the KSK rollover into
account", rather than "people will fix it if it really breaks".

Let me state my interpretation of the discussion (in the following text,
"contributors" reads "me"):

Contributors believe that there is no way to reliably measure readiness
for the rollover, and that tools for such measurement will not be
available in upcoming years.

While not having reliable data, contributors believe that KSK rollover
process already got sufficient publicity and that breakage will be dealt
with swiftly, similarly to other security issues or DDoS attacks. For
these reasons risk of postponing KSK rollover indefinitely is deemed to
be higher than risk of breakage which will be fixed using usual methods.

I hope it helps to explain how others might read this discussion.

Petr Špaček  @  CZ.NIC

More information about the ksk-rollover mailing list