[ksk-rollover] Need to roll regularly to ensure operational stability.

Marc Blanchet marc.blanchet at viagenie.ca
Thu Mar 28 14:36:38 UTC 2019



On 28 Mar 2019, at 15:34, Lars-Johan Liman wrote:

> All,
> As I stated at the mic in the BOF:
> We should look at _why_ we want to roll the key.
> My take is that we want to do this to make sure that rolling the key is
> a non-event. We need to make sure that all resolvers handle this in a
> smooth fashion, and that all operators remember what to do when it
> happens. Ideally it will be automated everywhere.
> My analogy was the diesel generators in a data centre. You don't wait
> for The Big Power Outage to run them, you do it every month, so that you
> discover potential problems, and so that all staff and equipment are
> "trained" to act appropriately.
> Repeating the event is the only way to train the world that this is a
> non-event. Make the "pain" is frequent enough, and people will make sure
> they handle it appropriately to avoid the pain. --> Automation.
> With a smooth machinery, we can roll at any time, should an emergency
> arise.
> And yes, there is a non-trivial cost associated with rolling, but again,
> we can only drive down the cost by going for "mass-production". The more
> often we do it, the lower the cost must be, and will eventually become.
> I suggest we roll on a yearly basis, but I can be convinced to agree to
> every two years. I also kind of like the idea to perform unannounced
> rolls in the future.
> It. Must. Be. A. Non-event!
> 				Cheers,
> 				  /Liman
> -- 
> #----------------------------------------------------------------------
> # Lars-Johan Liman, M.Sc.               !  E-mail: liman at netnod.se
> # Senior Systems Specialist             !  Tel: +46 8 - 562 860 12
> # Netnod Internet Exchange, Stockholm   !  http://www.netnod.se/
> #----------------------------------------------------------------------
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover

More information about the ksk-rollover mailing list