[ksk-rollover] [Ext] ICANN board meeting result and the Current status of KSK-Rollover

David Conrad david.conrad at icann.org
Mon Sep 24 21:45:26 UTC 2018


Eric,

On Sep 23, 2018, at 1:12 PM, Eric Osterweil <lists at osterweil.net> wrote:
> I would, however, suggest that there will be much more to learn than what we see in the “seconds” after the roll

Yes. While there is going to be a DITL collection by DNS-OARC around the KSK rollover, we will continue the ongoing data collection (at least at the root server operated by ICANN).

> I think we need to look for measures that could be useful in ascertaining when the operational ecosystem has stabilized.  

Part of this will be to establish what resolver behaviors are during the roll, both in terms of proper configuration and improper configuration, and seeing if we can see these signals at the vantage points we have (i.e., the root servers participating in the DITL collection).  We’re in the process of identifying those behaviors in the lab for the resolvers we can get our hands on, however if others have already done this, we’d love to hear about it.

> For example, all of the outreach that ICANN org and others have done has taken time.  That tells me that there are DNS consumers/stakeholders (including both those we have reached, and those we have not) who may have operational reactions to the roll: changing, turning off DNSSEC, keeping it on (steady state), etc.  I think we need to factor these kinds of measurements into decisions about when we can assess the effect of the Root KSK roll.

One thought would be to do an “After Action” survey similar to the KSK rollover preparedness survey we’ve already sent out to the contacts of around 16,000+ ASes. Or are you suggesting protocol-level data collection?

Regards,
-drc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20180924/71436479/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4005 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20180924/71436479/smime.p7s>


More information about the ksk-rollover mailing list