From mcr+ietf at sandelman.ca Mon Jul 13 20:20:00 2020
From: mcr+ietf at sandelman.ca (Michael Richardson)
Date: Mon, 13 Jul 2020 16:20:00 -0400
Subject: [ksk-rollover] some simple/silly questions about root KSK ceremonies
Message-ID: <2775.1594671600@localhost>

Three questions:

1) Should I refer to
   https://www.iana.org/dnssec/icann-dps.txt
   or https://www.iana.org/dnssec/dps/zsk-operator/dps-zsk-operator-v2.0.pdf

   as the authoritative document?
   The first is clearly more recent, and seems better linked.
   But, maybe it's a draft.

2) With the April 23 ceremony (#41) having been held, would
   there not have been another in July?
   What will happen?
   It seems that maybe enough things were signed in April to last awhile.

3) There was a long debate about how often to roll the root key.
   A link to:
   https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-11-01-en
   was posted last fall.

   I see that the report is still overdue.
   I was looking for something authoritative to cite.
   Is it reasonable to cite:
   https://www.icann.org/en/system/files/files/proposal-future-rz-ksk-rollovers-01nov19-en.pdf
   for now?

-- 
Michael Richardson, Sandelman Software Works
 -= IPv6 IoT consulting =-

From kim.davies at iana.org Mon Jul 13 20:38:59 2020
From: kim.davies at iana.org (Kim Davies)
Date: Mon, 13 Jul 2020 13:38:59 -0700
Subject: [ksk-rollover] some simple/silly questions about root KSK ceremonies
In-Reply-To: <2775.1594671600@localhost>
References: <2775.1594671600@localhost>
Message-ID: <20200713203859.GA47258@KIDA-0000.local>

Hi Michael,

Quoting Michael Richardson on Monday July 13, 2020:
>
> Three questions:
>
> 1) Should I refer to
> https://www.iana.org/dnssec/icann-dps.txt
> or https://www.iana.org/dnssec/dps/zsk-operator/dps-zsk-operator-v2.0.pdf
>
> as the authoritative document?

The former is the KSK Operator DPS, the latter is the ZSK Operator DPS.
They are two distinctly different documents given KSK and ZSK operations
are split in the root zone across two different entities. If you are
referring to KSK management you should cite the former document.

> 2) With the April 23 ceremony (#41) having been held, would
> there not have been another in July?
> What will happen?
> It seems that maybe enough things were signed in April to last awhile.

KSK Ceremony 41 generated signatures covering 9 months of material as a
contingency measure due to COVID-19. See
https://www.icann.org/news/blog/conducting-a-key-signing-ceremony-in-the-face-of-covid-19
for an explanation written prior to the last key ceremony, and
https://labs.ripe.net/Members/mirjam/managing-the-trust-anchor-of-the-dns-against-adversity
for something a little more recent.

As a result of this, we don't have a need to hold a ceremony for key
signing purposes until approximately February 2021.

> 3) There was a long debate about how often to roll the root key.
> A link to:
> https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-11-01-en
> was posted last fall.
>
> I see that the report is still overdue.

You're right that the staff report is overdue. That is predominantly
due to us suspending work on pushing toward the next rollover to deal
in the short-term with holding the contingency ceremony described above,
and right now continuing to monitor the arc of the pandemic and getting
a better handle on its long-term implications before we commit to
performing future rollovers on a predictable schedule.

With that said we do still need to bite the bullet and consolidate our
current thinking into a report and get that posted. I'll update this
list once that is done.

Thanks,

kim

From mcr+ietf at sandelman.ca Mon Jul 13 21:16:35 2020
From: mcr+ietf at sandelman.ca (Michael Richardson)
Date: Mon, 13 Jul 2020 17:16:35 -0400
Subject: [ksk-rollover] some simple/silly questions about root KSK ceremonies
In-Reply-To: <20200713203859.GA47258@KIDA-0000.local>
References: <2775.1594671600@localhost> <20200713203859.GA47258@KIDA-0000.local>
Message-ID: <17258.1594674995@localhost>

Kim Davies wrote:
> Quoting Michael Richardson on Monday July 13, 2020:
>>
>> Three questions:
>>
>> 1) Should I refer to
>> https://www.iana.org/dnssec/icann-dps.txt
>> or https://www.iana.org/dnssec/dps/zsk-operator/dps-zsk-operator-v2.0.pdf
>>
>> as the authoritative document?

> The former is the KSK Operator DPS, the latter is the ZSK Operator DPS.
> They are two distinctly different documents given KSK and ZSK operations
> are split in the root zone across two different entities. If you are
> referring to KSK management you should cite the former document.

Ack. Stupid eyes couldn't see that difference :-(

> You're right that the staff report is overdue. That is predominantly

.. no criticism intended, just not sure if I can report authoritatively yet :-)

> With that said we do still need to bite the bullet and consolidate our
> current thinking into a report and get that posted. I'll update this
> list once that is done.

Thank you kindly.

-- 
Michael Richardson, Sandelman Software Works
 -= IPv6 IoT consulting =-