[ksk-rollover] ICANN board meeting result and the Current status of KSK-Rollover

Marc Blanchet marc.blanchet at viagenie.ca
Fri Sep 21 15:43:45 UTC 2018


On 21 Sep 2018, at 11:34, Ray Bellis wrote:

> On 21/09/2018 16:12, Marc Blanchet wrote:
>
>> right but:
>> - people are lazy: until there are real events (KSK rollover), they 
>> will
>> not care or prepare. Therefore, we must have rollover enough frequent 
>> so
>> people do act.
>> - there are mechanisms to help/automate rollover, such as RFC5011, 
>> which
>> shall fit with most use cases.
>> - for the use cases/reasons people not use RFC5011, then it is like 
>> any
>> manual configuration management: you take the responsability to put
>> whatever process in your org to handle that case, since you are aware
>> that you are taking the manual route.
>
> What about the (hypothetical?) home CPE with a validating resolver
> that's been left on the shelf for a couple of years.
>
> RFC 5011 doesn't help those.   AFAIK, re-bootstrapping trust for those
> is still an unsolved problem.

agreed. that one unresolved yet.

(I was writing in the context of ISP resolvers which I understood was 
the underlying discussion context. )

Marc.

>
> Ray
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover


More information about the ksk-rollover mailing list