[ksk-rollover] Re: Architectural reconsideration on ICANN's Root Zone KSK rollover
Davey Song(宋林健)
ljsong at biigroup.cn
Wed Jan 31 02:55:53 UTC 2018
Hi folks,
Last week I posted this proposal on this mailing list, but there has been no reply online, only several comments offline, which are very helpful and help make this proposal more practical.
- One important concern is that it may take too long to roll the key, waiting for standardization, implementation and large deployment by the "good" guys. And there is no incentive for the "good" guys to do all the work for the "lazy" guys.
So I'm inspired that an additional set of root servers and coordination between server and resolver are not necessary for this purpose. All the work can be done on the server side.
It can be implemented on the server side with "two logic views" (similar to but different from the BIND multiple view mechanism). When the authoritative server recognizes the resolvers that support RFC 5011 (via RFC 8145 or combined with kskroll-sentinel), it can roll the key only for them: roll the KSK not once for all but per-resolver. In that case there is no need for any modification on the resolver. Root server operators should do this work only. So there is no interoperability problem. No specification of DNS is needed, which shortens the time and the concerns.
- Another concern is the implication or panic of an alternative root caused by saying paralleled root server. Although the proposal has nothing to do with an alternative root, the wording can be changed to "upgrade path" instead.
I will change the proposal according to the comments, and I still welcome other comments.
Best regards,
Davey
From: ksk-rollover [mailto:ksk-rollover-bounces at icann.org] On behalf of Davey Song(宋林健)
Sent: January 26, 2018 11:33
To: ksk-rollover at icann.org
Subject: [ksk-rollover] Architectural reconsideration on ICANN's Root Zone KSK rollover
Hi folks,
I followed the discussion on this ML and composed a draft proposal (attached and in my repo) as an input. I will not proceed in the IETF but will consider publishing it in another form, if you think it is too radical to implement. Any comments on the proposal or edits for my poooor English are welcome. :)
The link of my repo:
https://github.com/songlinjian/Parallel-Root-KSK-Rollover
Best regards,
Davey
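
The recognition step described in the message (spotting, via RFC 8145 key tag queries, which resolvers already hold the new trust anchor), as an added Python sketch that is not part of the original post or the linked repository. The view names, the helper functions, the log tuple format and the sample log are assumptions constructed for illustration; 19036 and 20326 are the key tags of KSK-2010 and KSK-2017.

```python
import re

# Root KSK key tags: KSK-2010 is 19036 (0x4a5c), KSK-2017 is 20326 (0x4f66).
NEW_KSK_TAG = 20326

# RFC 8145 query form: QTYPE NULL, first label "_ta-" plus 4-digit hex key
# tags joined by "-", appended to the trust anchor's zone (the root here).
_TA_LABEL = re.compile(r"_ta-([0-9a-f]{4}(?:-[0-9a-f]{4})*)")


def parse_key_tags(qname):
    """Return the key tags signalled for the root zone, or None if not a signal."""
    label = qname.lower().rstrip(".")
    if "." in label:  # signal for some other zone's trust anchor, not the root
        return None
    m = _TA_LABEL.fullmatch(label)
    return {int(h, 16) for h in m.group(1).split("-")} if m else None


def select_views(query_log):
    """Map resolver address -> view name, using each resolver's latest signal."""
    latest = {}
    for src, qtype, qname in query_log:
        tags = parse_key_tags(qname) if qtype == "NULL" else None
        if tags is not None:
            latest[src] = tags  # later signals replace earlier ones
    return {src: "new-ksk" if NEW_KSK_TAG in tags else "old-ksk"
            for src, tags in latest.items()}


def view_for(src, views):
    """Resolvers that never signalled stay on the old key (hypothetical default)."""
    return views.get(src, "old-ksk")


# Constructed sample log (documentation addresses): (source, qtype, qname).
SAMPLE_LOG = [
    ("192.0.2.10", "NULL", "_ta-4a5c."),        # holds only KSK-2010
    ("192.0.2.10", "NULL", "_ta-4a5c-4f66."),   # later: added KSK-2017 via RFC 5011
    ("198.51.100.7", "NULL", "_ta-4a5c."),      # has not picked up the new key
    ("2001:db8::53", "NULL", "_ta-4f66."),      # trusts only KSK-2017
    ("203.0.113.5", "A", "www.example.com."),   # sends no key tag signal
    ("198.51.100.7", "NULL", "_ta-4a5c.example.com."),  # not a root-zone signal
]

if __name__ == "__main__":
    views = select_views(SAMPLE_LOG)
    for src in sorted({row[0] for row in SAMPLE_LOG}):
        print(src, view_for(src, views))
```

Source address is only an approximation of resolver identity: forwarders and NAT can place validators with different trust anchors behind one address, and the signal itself is unauthenticated.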