[ksk-rollover] Retention of the 2010 KSK

Mehmet Akcin mehmet at akcin.net
Wed Apr 24 19:27:41 UTC 2019 

thank you. Clear and as always planned. Thanks David

On Wed, Apr 24, 2019 at 11:58 AM David Prangnell <david.prangnell at iana.org>
wrote:

> To Whom It May Concern,
>
>
>
> We have carefully reviewed the recent discussions about retaining KSK-2010
> beyond its scheduled lifetime to enable a possible future as-yet-undefined
> technique to bootstrap a validator that has been offline for an extended
> period. We have decided to proceed with the deletion of the KSK-2010 as
> scheduled on 16 May 2019 from the Key Management Facility (KMF) East and
> then on 14 August 2019 from the KMF West.
>
>
>
> We have made the decision based on these factors:
>
>    - On 11 January 2019, the root zone was published with KSK-2010 marked
>    as revoked. The KSK-2010 key was also marked as expired in the
>    root-anchors.xml file.
>    - Since 22 March 2019, the root zone is no longer published with
>    KSK-2010 in the DNSKEY record set.
>    - We have not received a strong indication of how the KSK-2010 would
>    be used in the future.
>    - It seems likely any technique to bootstrap offline validators would
>    be implemented in software that can reasonably assumed to, at a minimum, be
>    configured with KSK-2017.
>    - Deletion of the KSK-2010 is an activity prescribed in the KSK
>    rollover plan [1] and also in the DNSSEC Practice Statements (DPS) [2].
>
>
>
> Thank you,
>
> --
>
> David Prangnell
>
> Email: david.prangnell at iana.org
>
> IANA
>
>
>
>
>
> [1] Page 15 at
> https://www.icann.org/en/system/files/files/ksk-rollover-operational-implementation-plan-22jul16-en.pdf
>
> [2] Section 6.5 at
> https://www.iana.org/dnssec/dps/ksk-operator/ksk-dps.txt
>
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190424/f54e1667/attachment.html>

More information about the ksk-rollover mailing list