[ksk-rollover] Future rollover planning opportunities
S Moonesamy
sm+icann at elandsys.com
Wed Feb 20 18:35:43 UTC 2019
Hi Geoff, Tony,
At 09:58 AM 20-02-2019, Geoff Huston wrote:
>There is something in your note Tony that I feel I should comment on. It gets
>to the heart of why the key gets rolled at all, in my view.
>
>I could offer the view that there is a prevalent feeling (perhaps
>irrationally
>- who knows) that a very long-held key will get compromised at some
>time. Either
>the tools to break the key will improve, or access to the key will no longer
>work, or some other mishap. It seems foolhardy not to have some exercised
>plan to roll the key to respond to such potential eventualities when or if the
>unplanned disaster happens and we need to roll the key.
Please see Section 4.5 of the DPS. A "roll-over often" approach may
have to take that into consideration.
Regards,
S. Moonesamy
More information about the ksk-rollover
mailing list