[ksk-rollover] followup of DNSSEC Workshop at ICANN64

Fred Baker fredbaker.ietf at gmail.com
Thu Mar 14 09:41:56 UTC 2019

> On Mar 14, 2019, at 5:58 PM, Shane Kerr <shane at time-travellers.org> wrote:
> Personally I would like to see rolls frequent enough that everything around a roll is automated.

I mostly agree. I think the key thing is that key rolls must be *normal* and the software therefore designed with that assumption. For developers to believe that it is normal, it must be "frequent enough", whatever that means. I personally might vote for "quarterly" or "annual" if the implication is only that operators needed to be aware that it was happening in case something breaks, and 2-3 years might actually be OK, but for sure not "every five years".
Victorious warriors win first and then go to war,
Defeated warriors go to war first and then seek to win.
     Sun Tzu

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190314/0ad456ac/signature.asc>

More information about the ksk-rollover mailing list