[ksk-rollover] thoughts to the list as requested

[Michael Richardson]

Joe Abley <jabley at hopcount.ca> wrote:
    > The question of whether and how often to roll the KSK seems to me to be
    > the least interesting of all the work to be done around KSK management,
    > but since it also seems to block discussion of any of the more
    > entertaining subjects, the following is my opinion. You'll note the
    > justification for the proposed end-state is missing, as are detailed
    > suggestions for how we get there. Both are available on demand :-)

Let me start by saying that I concur with you completely.
I think that some have asked why we are rolling at all, in order to more
precisely understand what threats we are mitigating.

    > 4. An emergency key-roll due to key compromise (of any number of
    > flavours) will be expected, easy to execute and easy to understand from
    > the client side. Contributing oil on the wheels might be long-timebase
    > pre-publication of standby keys and the processes for an emergency roll
    > closely resembling (or being identical to) processes for a scheduled
    > roll.

I think that may be situations which pre-publication of standby keys might not
mitigate.  I think that we won't be sure until we write down the reasons for
an emergency key-roll.  As a small detail; who would make that call, and how
much time would they have to make the decision?

--
Michael Richardson <mcr+IETF at sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190402/af5cfa2d/signature-0001.asc>