[ksk-rollover] thoughts to the list as requested
mcr+ietf at sandelman.ca
Tue Apr 2 14:59:16 UTC 2019
Joe Abley <jabley at hopcount.ca> wrote:
> The question of whether and how often to roll the KSK seems to me to be
> the least interesting of all the work to be done around KSK management,
> but since it also seems to block discussion of any of the more
> entertaining subjects, the following is my opinion. You'll note the
> justification for the proposed end-state is missing, as are detailed
> suggestions for how we get there. Both are available on demand :-)
Let me start by saying that I concur with you completely.
I think that some have asked why we are rolling at all, in order to more
precisely understand what threats we are mitigating.
> 4. An emergency key-roll due to key compromise (of any number of
> flavours) will be expected, easy to execute and easy to understand from
> the client side. Contributing oil on the wheels might be long-timebase
> pre-publication of standby keys and the processes for an emergency roll
> closely resembling (or being identical to) processes for a scheduled
I think that there may be situations which pre-publication of standby keys might not
mitigate. I think that we won't be sure until we write down the reasons for
an emergency key-roll. As a small detail: who would make that call, and how
much time would they have to make the decision?
Michael Richardson <mcr+IETF at sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-