[ksk-rollover] ICANN board meeting result and the Current status of KSK-Rollover

Tue Sep 18 17:13:33 UTC 2018

David , Olaf,
I understand both of your points of view,
I think we need a bigger conversation about Algorithm roll, i.e. if that is
a good idea and what algorithm to roll to

But this conversation can take place in after October 13'th

Olafur

On Tue, Sep 18, 2018 at 8:29 AM, David Conrad <david.conrad at icann.org>
wrote:

> Hi,
>
> We (ICANN org) don’t have an opinion (individual staff members with their
> ICANN hats off might :)).
>
> As you’re probably aware, currently, the DPS states (paraphrasing) we
> should roll the KSK after 5 years from the point the KSK is put into use.
> As such, the next roll is anticipated to be after 11 Oct 2023.
>
> However, as Matt said, we listen to the community. If the community would
> like us to roll more frequently, all that we in staff need to know is what
> that frequency is. There are, of course, operational costs associated with
> the roll, both at ICANN org as well as within the resolver operators
> community (at least for those folks who prefer to roll manually) that will
> vary depending on roll frequency, but presumably those costs won’t be too
> outrageous.
>
> The next step would probably be to figure out how to get a consensus on
> what the frequency should be. I’d think that a 'post mortem' report about
> the current rollover would be helpful in informing that consensus. The
> Board has already task ICANN org with putting together such a post mortem
> (the analysis Matt mentioned).
>
> Regards,
> -drc
>
> On Sep 18, 2018, at 3:44 AM, Olaf Kolkman <kolkman at isoc.org> wrote:
>
> I agree with Michael, albeit I would phrase it slightly differently:
>
> Rolling the key regularly is a strategic choise and makes a keyroll an
> operational reality.
>
> How regular (or how frequent) is a tactic. Whether That is yearly, no
> monthly or once half a decade is a tactic that takes into account some of
> our learnings.
>
> I would really like to see that strategic position being explicit.
>
>
> Olaf.
>
> ----
> Composed on mobile device, with clumsy thumbs and unpredictable
> autocorrect.
> ------------------------------
> *From:* ksk-rollover <ksk-rollover-bounces at icann.org> on behalf of
> Michael StJohns <msj at nthpermutation.com>
> *Sent:* Tuesday, September 18, 2018 5:04:31 AM
> *To:* Matt Larson
> *Cc:* ksk-rollover at icann.org
> *Subject:* Re: [ksk-rollover] ICANN board meeting result and the Current
> status of KSK-Rollover
>
> On 9/17/2018 3:57 PM, Matt Larson wrote:
> > The answer I've given when people ask this question is that we need to
> > get through the first rollover and analyze how it goes before we can
> > discuss subsequent rollovers. One can imagine that how the first
> > rollover goes could have a material effect on the timing of the next one.
>
> This seems like a bad approach given how that we currently have interest
> and opportunity in the roll-over that could catalyze planning for a
> second roll.  This does not - and should not - need to be single
> threaded.    AFAICT, you're going to know most everything you need to
> know a few seconds to a few days after you stop signing the the old key.
>
> So - I suggest you pick a date now.  Start planning for the next roll
> now.  If your post analysis shows a problem - adapt and overcome and
> adjust the dates if you need to.  It's hard to hit a target if you don't
> put it on calendar.
>
> Later, Mike
>
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
>
>
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
>
>

-- 
Ólafur Gudmundsson | Engineering Director
www.cloudflare.com blog.cloudflare.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20180918/6dc1ca88/attachment.html>