[ksk-rollover] ICANN board meeting result and the Current status of KSK-Rollover

Olaf Kolkman kolkman at isoc.org
Tue Sep 18 01:44:17 UTC 2018

I agree with Michael, albeit I would phrase it slightly differently:

Rolling the key regularly is a strategic choise and makes a keyroll an operational reality.

How regular (or how frequent) is a tactic. Whether That is yearly, no monthly or once half a decade is a tactic that takes into account some of our learnings.

I would really like to see that strategic position being explicit.


Composed on mobile device, with clumsy thumbs and unpredictable autocorrect.
From: ksk-rollover <ksk-rollover-bounces at icann.org> on behalf of Michael StJohns <msj at nthpermutation.com>
Sent: Tuesday, September 18, 2018 5:04:31 AM
To: Matt Larson
Cc: ksk-rollover at icann.org
Subject: Re: [ksk-rollover] ICANN board meeting result and the Current status of KSK-Rollover

On 9/17/2018 3:57 PM, Matt Larson wrote:
> The answer I've given when people ask this question is that we need to
> get through the first rollover and analyze how it goes before we can
> discuss subsequent rollovers. One can imagine that how the first
> rollover goes could have a material effect on the timing of the next one.

This seems like a bad approach given how that we currently have interest
and opportunity in the roll-over that could catalyze planning for a
second roll.  This does not - and should not - need to be single
threaded.    AFAICT, you're going to know most everything you need to
know a few seconds to a few days after you stop signing the the old key.

So - I suggest you pick a date now.  Start planning for the next roll
now.  If your post analysis shows a problem - adapt and overcome and
adjust the dates if you need to.  It's hard to hit a target if you don't
put it on calendar.

Later, Mike

ksk-rollover mailing list
ksk-rollover at icann.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20180918/5a871e1f/attachment.html>

More information about the ksk-rollover mailing list