[ksk-rollover] ICANN board meeting result and the Current status of KSK-Rollover
marc.blanchet at viagenie.ca
Fri Sep 21 15:43:45 UTC 2018
On 21 Sep 2018, at 11:34, Ray Bellis wrote:
> On 21/09/2018 16:12, Marc Blanchet wrote:
>> right but:
>> - people are lazy: until there are real events (KSK rollover), they
>> not care or prepare. Therefore, we must have rollover enough frequent
>> people do act.
>> - there are mechanisms to help/automate rollover, such as RFC5011,
>> shall fit with most use cases.
>> - for the use cases/reasons people not use RFC5011, then it is like
>> manual configuration management: you take the responsability to put
>> whatever process in your org to handle that case, since you are aware
>> that you are taking the manual route.
> What about the (hypothetical?) home CPE with a validating resolver
> that's been left on the shelf for a couple of years.
> RFC 5011 doesn't help those. AFAIK, re-bootstrapping trust for those
> is still an unsolved problem.
agreed. that one unresolved yet.
(I was writing in the context of ISP resolvers which I understood was
the underlying discussion context. )
> ksk-rollover mailing list
> ksk-rollover at icann.org
More information about the ksk-rollover