[ksk-rollover] Need to roll regularly to ensure operational stability.

[Lars-Johan Liman]

All,

As I stated at the mic in the BOF:

We should look at _why_ we want to roll the key.

My take is that we want to do this to make sure that rolling the key is
a non-event. We need to make sure that all resolvers handle this in a
smooth fashion, and that all operators remember what to do when it
happens. Ideally it will be automated everywhere.

My analogy was the diesel generators in a data centre. You don't wait
for The Big Power Outage to run them, you do it every month, so that you
discover potential problems, and so that all staff and equipment are
"trained" to act appropriately.

Repeating the event is the only way to train the world that this is a
non-event. Make the "pain" is frequent enough, and people will make sure
they handle it appropriately to avoid the pain. --> Automation.

With a smooth machinery, we can roll at any time, should an emergency
arise.

And yes, there is a non-trivial cost associated with rolling, but again,
we can only drive down the cost by going for "mass-production". The more
often we do it, the lower the cost must be, and will eventually become.

I suggest we roll on a yearly basis, but I can be convinced to agree to
every two years. I also kind of like the idea to perform unannounced
rolls in the future.

It. Must. Be. A. Non-event!

				Cheers,
				  /Liman
-- 
#----------------------------------------------------------------------
# Lars-Johan Liman, M.Sc.               !  E-mail: liman at netnod.se
# Senior Systems Specialist             !  Tel: +46 8 - 562 860 12
# Netnod Internet Exchange, Stockholm   !  http://www.netnod.se/
#----------------------------------------------------------------------