[ksk-rollover] Retention of the 2010 KSK

Warren Kumari warren at kumari.net
Thu Apr 25 11:33:11 UTC 2019


Excellent, thank you - partly for the decision, but even more so for the
clear communication, backed up with clear reasoning.

W

On Wed, Apr 24, 2019 at 2:58 PM David Prangnell <david.prangnell at iana.org>
wrote:

> To Whom It May Concern,
>
>
>
> We have carefully reviewed the recent discussions about retaining KSK-2010
> beyond its scheduled lifetime to enable a possible future as-yet-undefined
> technique to bootstrap a validator that has been offline for an extended
> period. We have decided to proceed with the deletion of the KSK-2010 as
> scheduled on 16 May 2019 from the Key Management Facility (KMF) East and
> then on 14 August 2019 from the KMF West.
>
>
>
> We have made the decision based on these factors:
>
>    - On 11 January 2019, the root zone was published with KSK-2010 marked
>    as revoked. The KSK-2010 key was also marked as expired in the
>    root-anchors.xml file.
>    - Since 22 March 2019, the root zone is no longer published with
>    KSK-2010 in the DNSKEY record set.
>    - We have not received a strong indication of how the KSK-2010 would
>    be used in the future.
>    - It seems likely any technique to bootstrap offline validators would
>    be implemented in software that can reasonably be assumed to, at a
>    minimum, be configured with KSK-2017.
>    - Deletion of the KSK-2010 is an activity prescribed in the KSK
>    rollover plan [1] and also in the DNSSEC Practice Statements (DPS) [2].
>
>
>
> Thank you,
>
> --
>
> David Prangnell
>
> Email: david.prangnell at iana.org
>
> IANA
>
>
>
>
>
> [1] Page 15 at
> https://www.icann.org/en/system/files/files/ksk-rollover-operational-implementation-plan-22jul16-en.pdf
>
> [2] Section 6.5 at
> https://www.iana.org/dnssec/dps/ksk-operator/ksk-dps.txt
>
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf