[RSSAC Caucus] FOR REVIEW: RSSAC Statement on IANA's Proposal for Future Root Zone KSK Rollovers

George Michaelson ggm at algebras.org
Thu Jan 9 22:32:37 UTC 2020 

I read the revised document.  It has the merit of being short. I like short.

Some sentences are now compound, and the role of a comma in a compound
sentence can include implying LINKAGE. I do not see measurement, and
the establishment of root telemetry as irrevocably bound: They are two
things, not one thing. A minor nit.

To the key length. DNS is not a domain where secrecy of past signed
states matters so we do not seek PFS. I think we would be silly to
pre-emptively sign with longer (RSA?) keys in a belief future events
may create breakable state in QC. I think we should continue to
explore SHORTER key lengths by algorithm change, and reconsider this
in the light of QC when QC announces significant return. I think the
work on mitigation should be done but doesn't have to reflect in
signed state yet. Having managed transition to shorted keys in
different Alg, the re-roll into a longer key technology is then
possible and understood: its not being conducted blind.

I'd welcome CFRG input on long term DNSSEC responses to QC. "make RSA
more longerer" doesn't feel to me like the answer.

I could live with this document as-is btw.

-G

On Thu, Jan 9, 2020 at 5:26 AM Andrew McConachie
<andrew.mcconachie at icann.org> wrote:
>
> Dear RSSAC Caucus,
>
> The call to discuss RSSAC’s input to IANA on IANA's Proposal for Future Root Zone KSK Rollovers ended 25 minutes ago.
>
> On the call the Caucus members present resolved all comments in the working document.
> <https://docs.google.com/document/d/1U1qKPRx9URRfiI4jijvLKSCS2W6upZRDppUsbANqIOg/edit?usp=sharing>
>
> Please review the document and provide any final comments by Sunday January 12th. After that the document will be finalized and remain stable for 7 days in preparation for an online vote by the RSSAC.
>
> Thanks,
> Andrew
>
> _______________________________________________
> rssac-caucus mailing list
> rssac-caucus at icann.org
> https://mm.icann.org/mailman/listinfo/rssac-caucus
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

More information about the rssac-caucus mailing list