[ksk-rollover] thoughts to the list as requested

[Joe Abley]

On 2 Apr 2019, at 11:56, Matthew Pounsett <matt at conundrum.com> wrote:

> 4. An emergency key-roll due to key compromise (of any number of flavours) will be expected, easy to execute and easy to understand from the client side. Contributing oil on the wheels might be long-timebase pre-publication of standby keys and the processes for an emergency roll closely resembling (or being identical to) processes for a scheduled roll.
> 
> Pre-publishing keys for the purposes of emergency roll in the event of compromise sounds hard, and definitely expensive,

I'm not sure I agree that words like "hard" and "expensive" are useful before any design exercise has happened. You're presupposing a particular class of solutions, I think.

> given how they key material is handled today.  I think a third signing party location would be required, with each key stored in only two locations.  This is probably achievable, but I suspect it'll take a while for people to agree on costs and location, and then more time to get it set up.
> 
> We will likely want to come up with an interim plan for emergency rolls until something like the above can be arranged.

We have an interim plan right now; it's documented in the DPS. It has never been tested. It may well not be complete.


Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190402/6661400e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190402/6661400e/signature-0001.asc>