[ksk-rollover] Future rollover planning opportunities

S Moonesamy sm+icann at elandsys.com
Wed Feb 20 18:35:43 UTC 2019

Hi Geoff, Tony,
At 09:58 AM 20-02-2019, Geoff Huston wrote:
>There is something in your note Tony that I feel I should comment on. It gets
>to the heart of why the key gets rolled at all, in my view.
>I could offer the view that there is a prevalent feeling (perhaps 
>- who knows) that a very long-held key will get compromised at some 
>time. Either
>the tools to break the key will improve, or access to the key will no longer
>work, or some other mishap. It seems foolhardy not to have some exercised
>plan to roll the key to respond to such potential eventualities when or if the
>unplanned disaster happens and we need to roll the key.

Please see Section 4.5 of the DPS.  A "roll-over often" approach may 
have to take that into consideration.

S. Moonesamy 

More information about the ksk-rollover mailing list