[Comments-ksk-rollover-restart-01feb18] RrSG response to Plan to Restart the Root Key Signing Key (KSK) Rollover Process

Tue Apr 3 12:03:25 UTC 2018

Hello,

On behalf of the Registrar Stakeholder Group (RrSG) I would like to submit the comment below on the Plan to Restart the Root Key Signing Key (KSK) Rollover Process.

Kind regards,

Zoe Bonython
RrSG Secretariat

__________________________________________________________________

The RrSG would like to stress the importance of everyone involved in the operation of the DNS being fully prepared for the rollover.  Having a secure and stable DNS is at the core of ICANN’s mission and of huge priority and importance to the RrSG.  As the providers of domains and related services, both the clients and the business of registrars will of course be significantly impacted if the rollover results in domains or entire TLDs ceasing to function. With these priorities in mind we applaud ICANN’s previous decision to postpone the rollover and efforts to further study the likely impacts. While we are not inherently opposed to the rollover going forward on the currently proposed date of October 11, 2018, we would like to raise some concerns, recommendations, and questions that we believe should be before the rollover occurs.

First, while the efforts undertaken to date to study why some validating recursive resolvers were not ready for the root KSK rollover are undoubtedly valuable, the actual findings were largely inconclusive and the proposed approach to proceed as planned given the paucity of information raises some concerns. ICANN should take time leading up to the scheduled rollover to undertake further study and preparation and consider whether further avenues of research are available that would improve preparedness.

ICANN org’s stated intent to 'publicise the new date and attempt to get more validating resolver operators ready for the rollover’ is equally important and should be done with maximum effort to ensure the DNS does remain both secure and stable. The RrSG believes ICANN org should provide further information on exactly how and when they will be reaching out to DNS operators, so that the community can help fill any gaps that may exist either in the process or the parties who need to be engaged with. 

Lastly, beyond providing a summary of the additional efforts since the delay of the rollover, ICANN should publish a comprehensive, updated project plan to make clear to the community whether there are any modifications to the originally proposed schedule and set of contingency plans as a result of the additional study. The updated plan as well as comments from the current period could form the basis for a discussion with affected parties about the tradeoffs between moving forward accepting current risk and delaying the rollover to improve understanding and mitigation. 

A successful KSK rollover is critical to ensuring continued trust in the DNS. ICANN and the community should proceed with care to ensure that robust efforts to prepare for the rollover and notify affected operators are completed before moving forward with the timeline.