[ksk-rollover] 答复: Architectural reconsideration on ICANN's Root Zone KSK rollover

Warren Kumari warren at kumari.net
Wed Jan 31 14:47:53 UTC 2018

On Wed, Jan 31, 2018 at 9:15 AM, Robert Story <rstory at isi.edu> wrote:
> On Wed 2018-01-31 07:53:51-0500 Marc wrote:
>> I’m not sure that supporting multiple hints files would really help.
>> I might be wrong.
> I think it could give us better information than kskroll-sentinel on
> how many folks are ready for the roll. To extend the idea a bit, if
> root servers listened on 3 addresses and there were 3 hints files
> (2017-ready, 2010-only, neither), we would know the status of every
> resolver that was updated, as soon as it was updated, without having to
> do any testing using ad campaigns that load pictures of fish. :-)

So, RFC8145 already gives information very similar to this... and it
turns out that the information doesn't show what we thought it would
-- it demonstrates the distribution of keys across *resolvers*. That's
a nice metric, but fundamentally fairly useless; in my basement I have
a machine BIND in a Docker instance. It only has the old key (because
Docker[0]) -- this is interesting from an academic standpoint, but
doesn't actually tell us anything - no-one is querying this instance.

What we need (IMO, YMMV, etc) is something which exposes this
information to *users* -- in an ideal world, there would be "no
resolver left behind" - unfortunately that doesn't seem realistic
(managed vs trusted-keys, non-5011 implementations, read-only
filesystems, etc), so I think we need to focus on "minimal users left
behind". I guess you could try scale 8145 (or multiple hints files) by
the number of users using each resolver, but, well, that seems like
you are back to the first issue.

> [note: speaking for myself, not my employer.]

Hey, me too! <waves/>

[0]: The Docker instance doesn't have persistent storage, because it
is part of a test infrastructure. It starts 5011, but usually doesn't
complete it (because timers) or it completes it, and then I restart
some tests and the Docker image reloads. Yes, this is a 10 minute fix,

> --
> Robert Story <http://www.isi.edu/~rstory>
> USC Information Sciences Institute <http://www.isi.edu/>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

More information about the ksk-rollover mailing list