[ksk-rollover] Current status of KSK-RollOver?
Petr Špaček
petr.spacek at nic.cz
Mon Sep 10 12:45:04 UTC 2018
On 30.8.2018 01:24, David Conrad wrote:
> Hi,
>
> On Aug 29, 2018, at 3:36 PM, Rene 'Renne' Bartsch, B.Sc. Informatics via
> ksk-rollover <ksk-rollover at icann.org <mailto:ksk-rollover at icann.org>> wrote:
>> Rolling out DNSSEC is not a technical but a social problem. It's
>> called fear and laziness.
>> It seems the focus of the ICANN board is too technical to realize this.
>
> In my experience, it is rare for someone to say the focus of ICANN’s
> board “too technical” :).
>
>> The indecisiveness of the ICANN board makes all involved parties insecure.
>
> To clarify, the Board has not been not indecisive. They haven’t yet been
> asked to make a decision on rolling the KSK.
>
>> I suggest a marketing campaign to promote the benefits of the
>> DNSSEC/DANE dyad for users
>> who will then push service providers and hard-/software developers.
>
> We (staff) would love to hear thoughts on benefits of DNSSEC/DANE (we
I would put https://tools.ietf.org/html/rfc7477 aka
"Child-to-Parent Synchronization in DNS"
on the list.
DNSSEC is required to do this in a secure way but once we have it we can
get rid of parent-child NS desynchronization problem.
That would help a lot with DNS operations/debugging because parent-child
desync can be lurking for months or even years before last NS is moved
elsewhere and then whole domain breaks suddenly.
--
Petr Špaček @ CZ.NIC
More information about the ksk-rollover
mailing list