[ksk-rollover] ICANN board meeting result and the Current status of KSK-Rollover

Ray Bellis ray at isc.org
Fri Sep 21 15:34:37 UTC 2018

On 21/09/2018 16:12, Marc Blanchet wrote:

> right but:
> - people are lazy: until there are real events (KSK rollover), they will
> not care or prepare. Therefore, we must have rollover enough frequent so
> people do act.
> - there are mechanisms to help/automate rollover, such as RFC5011, which
> shall fit with most use cases.
> - for the use cases/reasons people not use RFC5011, then it is like any
> manual configuration management: you take the responsability to put
> whatever process in your org to handle that case, since you are aware
> that you are taking the manual route.

What about the (hypothetical?) home CPE with a validating resolver
that's been left on the shelf for a couple of years.

RFC 5011 doesn't help those.   AFAIK, re-bootstrapping trust for those
is still an unsolved problem.


More information about the ksk-rollover mailing list