<div dir="ltr">David, Olaf, <br><div>I understand both of your points of view, </div><div>I think we need a bigger conversation about algorithm roll, i.e. if that is a good idea and what algorithm to roll to </div><div><br></div><div>But this conversation can take place after October 13th</div><div><br></div><div>Olafur</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 18, 2018 at 8:29 AM, David Conrad <span dir="ltr"><<a href="mailto:david.conrad@icann.org" target="_blank">david.conrad@icann.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">



<div dir="auto" style="word-wrap:break-word;line-break:after-white-space">
<div style="word-wrap:break-word;line-break:after-white-space">
Hi,
<div><br>
</div>
<div>We (ICANN org) don’t have an opinion (individual staff members with their ICANN hats off might :)).</div>
<div><br>
</div>
<div>As you’re probably aware, currently, the DPS states (paraphrasing) we should roll the KSK after 5 years from the point the KSK is put into use.  As such, the next roll is anticipated to be after 11 Oct 2023.</div>
<div><br>
</div>
<div>However, as Matt said, we listen to the community. If the community would like us to roll more frequently, all that we in staff need to know is what that frequency is. There are, of course, operational costs associated with the roll, both at ICANN
 org as well as within the resolver operators community (at least for those folks who prefer to roll manually) that will vary depending on roll frequency, but presumably those costs won’t be too outrageous.</div>
<div><br>
</div>
<div>The next step would probably be to figure out how to get a consensus on what the frequency should be. I’d think that a 'post mortem' report about the current rollover would be helpful in informing that consensus. The Board has already tasked ICANN
 org with putting together such a post mortem (the analysis Matt mentioned).</div>
<div><br>
</div>
<div>Regards,</div>
<div>-drc</div><div><div class="h5">
<div>
<div><br>
<blockquote type="cite">
<div>On Sep 18, 2018, at 3:44 AM, Olaf Kolkman <<a href="mailto:kolkman@isoc.org" target="_blank">kolkman@isoc.org</a>> wrote:</div>
<br class="m_3441162890709951608Apple-interchange-newline">
<div>
<div style="font-family:Helvetica;font-size:10px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none">
<div id="m_3441162890709951608x_compose-container" style="direction:ltr">
<span><span></span></span>
<div>
<div style="direction:ltr">I agree with Michael, albeit I would phrase it slightly differently:</div>
<div style="direction:ltr"><br>
</div>
<div style="direction:ltr">Rolling the key regularly is a strategic choice and makes a keyroll an operational reality.</div>
<div style="direction:ltr"><br>
</div>
<div style="direction:ltr">How regular (or how frequent) is a tactic. Whether that is yearly, or monthly, or once in half a decade is a tactic that takes into account some of our learnings. </div>
<div style="direction:ltr"><br>
</div>
<div style="direction:ltr">I would really like to see that strategic position being explicit.</div>
<div style="direction:ltr"><br>
</div>
<div style="direction:ltr"><br>
</div>
<div style="direction:ltr">Olaf.</div>
<div><br>
</div>
<div class="m_3441162890709951608x_acompli_signature">
<div style="direction:ltr">----</div>
<div style="direction:ltr">Composed on mobile device, with clumsy thumbs and unpredictable autocorrect.</div>
</div>
</div>
</div>
<hr style="display:inline-block;width:1135.8125px">
<div id="m_3441162890709951608x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b><span class="m_3441162890709951608Apple-converted-space"> </span>ksk-rollover <<a href="mailto:ksk-rollover-bounces@icann.org" target="_blank">ksk-rollover-bounces@icann.<wbr>org</a>>
 on behalf of Michael StJohns <<a href="mailto:msj@nthpermutation.com" target="_blank">msj@nthpermutation.com</a>><br>
<b>Sent:</b><span class="m_3441162890709951608Apple-converted-space"> </span>Tuesday, September 18, 2018 5:04:31 AM<br>
<b>To:</b><span class="m_3441162890709951608Apple-converted-space"> </span>Matt Larson<br>
<b>Cc:</b><span class="m_3441162890709951608Apple-converted-space"> </span><a href="mailto:ksk-rollover@icann.org" target="_blank">ksk-rollover@icann.org</a><br>
<b>Subject:</b><span class="m_3441162890709951608Apple-converted-space"> </span>Re: [ksk-rollover] ICANN board meeting result and the Current status of KSK-Rollover</font>
<div> </div>
</div>
</div>
<font size="2" style="font-family:Helvetica;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><span style="font-size:11pt">
<div class="m_3441162890709951608PlainText">On 9/17/2018 3:57 PM, Matt Larson wrote:<br>
> The answer I've given when people ask this question is that we need to<span class="m_3441162890709951608Apple-converted-space"> </span><br>
> get through the first rollover and analyze how it goes before we can<span class="m_3441162890709951608Apple-converted-space"> </span><br>
> discuss subsequent rollovers. One can imagine that how the first<span class="m_3441162890709951608Apple-converted-space"> </span><br>
> rollover goes could have a material effect on the timing of the next one.<br>
<br>
This seems like a bad approach given that we currently have interest<span class="m_3441162890709951608Apple-converted-space"> </span><br>
and opportunity in the roll-over that could catalyze planning for a<span class="m_3441162890709951608Apple-converted-space"> </span><br>
second roll.  This does not - and should not - need to be single<span class="m_3441162890709951608Apple-converted-space"> </span><br>
threaded.    AFAICT, you're going to know most everything you need to<span class="m_3441162890709951608Apple-converted-space"> </span><br>
know a few seconds to a few days after you stop signing the old key.<br>
<br>
So - I suggest you pick a date now.  Start planning for the next roll<span class="m_3441162890709951608Apple-converted-space"> </span><br>
now.  If your post analysis shows a problem - adapt and overcome and<span class="m_3441162890709951608Apple-converted-space"> </span><br>
adjust the dates if you need to.  It's hard to hit a target if you don't<span class="m_3441162890709951608Apple-converted-space"> </span><br>
put it on calendar.<br>
<br>
Later, Mike<br>
<br>
<br>
______________________________<wbr>_________________<br>
ksk-rollover mailing list<br>
<a href="mailto:ksk-rollover@icann.org" target="_blank">ksk-rollover@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/ksk-rollover" target="_blank">https://mm.icann.org/mailman/<wbr>listinfo/ksk-rollover</a><br>
</div>
</span></font>
</div>
</blockquote>
</div>
<br>
</div>
</div></div></div>
</div>

<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Ólafur Gudmundsson | <span style="font-size:12.8px">Engineering Director </span><div><span style="font-size:12.8px"><a href="http://www.cloudflare.com" target="_blank">www.cloudflare.com</a> <a href="http://blog.cloudflare.com" target="_blank">blog.cloudflare.com</a></span></div></div></div>
</div>