[ksk-rollover] ICANN board meeting result and the Current status of KSK-Rollover
ray at isc.org
Fri Sep 21 15:34:37 UTC 2018
On 21/09/2018 16:12, Marc Blanchet wrote:
> right but:
> - people are lazy: until there are real events (KSK rollover), they will
> not care or prepare. Therefore, we must have rollover enough frequent so
> people do act.
> - there are mechanisms to help/automate rollover, such as RFC5011, which
> shall fit with most use cases.
> - for the use cases/reasons people not use RFC5011, then it is like any
> manual configuration management: you take the responsability to put
> whatever process in your org to handle that case, since you are aware
> that you are taking the manual route.
What about the (hypothetical?) home CPE with a validating resolver
that's been left on the shelf for a couple of years.
RFC 5011 doesn't help those. AFAIK, re-bootstrapping trust for those
is still an unsolved problem.
More information about the ksk-rollover