[ksk-rollover] Starting discussion on acceptable criteria for proceeding with the root KSK roll

Tony Finch dot at dotat.at
Fri Jan 12 12:55:30 UTC 2018

Ólafur Guðmundsson via ksk-rollover <ksk-rollover at icann.org> wrote:
> I think there will always be breakage, in the old pre-RFC5011 and KSK
> design discussions there was one case identified as non-solvable
>  --- old OS/Box comes alive i.e.
> I think we now have a second class of failures that was not "anticipated"
>   -- non-persistence i.e. resolver can not store state in a way that will
> be used if resolver is restarted.
>   -- operators hard code keys i.e. disable RFC5011 (trusted-keys vs
> managed-keys)

I have a suggestion that could fix the first two, and also fix the secure
time bootstrap problem -
I should maybe do a simplified revision, but I'm not sure there's enough
interest to make it worth the effort.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Shannon, Rockall: South 7 to severe gale 9, occasionally storm 10 at first in
Rockall, becoming cyclonic 6 to gale 8. Very rough or high, occasionally very
high at first in Rockall. Rain or showers. Good, occasionally poor.

More information about the ksk-rollover mailing list