[ksk-rollover] Starting discussion on acceptable criteria for proceeding with the root KSK roll
Tony Finch
dot at dotat.at
Fri Jan 12 12:55:30 UTC 2018
Ólafur Guðmundsson via ksk-rollover <ksk-rollover at icann.org> wrote:
>
> I think there will always be breakage, in the old pre-RFC5011 and KSK
> design discussions there was one case identified as non-solvable
> --- old OS/Box comes alive i.e.
> I think we now have a second class of failures that was not "anticipated"
> -- non-persistence i.e. resolver can not store state in a way that will
> be used if resolver is restarted.
> -- operators hard code keys i.e. disable RFC5011 (trusted-keys vs
> managed-keys)

I have a suggestion that could fix the first two, and also fix the secure
time bootstrap problem -
https://tools.ietf.org/html/draft-fanf-dnsop-trust-anchor-witnesses
I should maybe do a simplified revision, but I'm not sure there's enough
interest to make it worth the effort.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/ - I xn--zr8h punycode
Shannon, Rockall: South 7 to severe gale 9, occasionally storm 10 at first in
Rockall, becoming cyclonic 6 to gale 8. Very rough or high, occasionally very
high at first in Rockall. Rain or showers. Good, occasionally poor.