[ksk-rollover] followup of DNSSEC Workshop at ICANN64

Fred Baker fredbaker.ietf at gmail.com
Thu Mar 14 09:41:56 UTC 2019



> On Mar 14, 2019, at 5:58 PM, Shane Kerr <shane at time-travellers.org> wrote:
> 
> Personally I would like to see rolls frequent enough that everything around a roll is automated.

I mostly agree. I think the key thing is that key rolls must be *normal* and the software therefore designed with that assumption. For developers to believe that it is normal, it must be "frequent enough", whatever that means. I personally might vote for "quarterly" or "annual" if the implication is only that operators needed to be aware that it was happening in case something breaks, and 2-3 years might actually be OK, but for sure not "every five years".
--------------------------------------------------------------------------------
Victorious warriors win first and then go to war,
Defeated warriors go to war first and then seek to win.
     Sun Tzu
