[ksk-rollover] followup of DNSSEC Workshop at ICANN64
Ondrej Filip
ondrej.filip at nic.cz
Thu Mar 14 13:57:37 UTC 2019
On 14. 03. 19 12:01, Warren Kumari wrote:
>
>
> So, my original "gut feel" was approximately every year, and I still
> feel that that is roughly the right frequency -- but, I think that we
> first need to figure out what the cause of the increase in DNSKEY
> lookups is - it concerns me that we predicted no impact from the
> revocation, and we got... this. I think that, assuming we figure out
> the causes of the increase (and understand them well enough that we
> are fairly sure that they won't jump again!), my gut still says ~1year
> -- but, more research needed...
As a producer of a DNS validating CPE device/router, I must say, I am
not very excited about frequent roll-overs. If your device stays at a
retailer store for some time, you might be in a trouble. So I would
prefer some longer periods. But it is more important how much in
advance is the new key known/published.
Ondrej
>
> W
>
>
>
> --------------------------------------------------------------------------------
> Victorious warriors win first and then go to war,
> Defeated warriors go to war first and then seek to win.
> Sun Tzu
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org <mailto:ksk-rollover at icann.org>
> https://mm.icann.org/mailman/listinfo/ksk-rollover
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
> ---maf
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
>
--
( CZ.NIC z.s.p.o. )
-------------------------------------------------
Ondrej Filip - CEO
Office : Milesovska 5, Praha 3, Czech Republic
Email : ondrej.filip at nic.cz http://www.nic.cz
Private: feela at network.cz
-------------------------------------------------
More information about the ksk-rollover
mailing list