[Comments-proposal-future-rz-ksk-rollovers-01nov19] proposed future rz KSK rollover plan
John Dickinson
jad at sinodun.com
Mon Nov 25 13:26:58 UTC 2019

A couple of thoughts…

I would like to see a reference to RFC 7958. I know it is on IANA’s
Trust Anchor and Keys page. However, since it defines the meanings of
some of the terms used in the XML and this document, it should be
referenced here.

I think the validFrom and validUntil fields in the trust anchor file
could be more explicitly linked to the stages of this document. I can
imagine that a reader might wonder if the validFrom is the start of
stage E, D, C or even B as indicated in Section 2.2. Are you sure you
mean B? Likewise, validUntil might be end of E or F. RFC 7958 only
states that “Relying parties SHOULD NOT use a KeyDigest outside of the
time range given in the validFrom and validUntil attributes.” It does
not say what “use” means.

2.4 states “Note that the timelines given here are aspirational and
not guaranteed. If an event occurs that warrants detailed study before
proceeding, the rollover process can pause with the active KSK
continuing to be used, even if doing so exceeds the nominal three-year
period.” Could this cause problems for operators relying on the
validFrom and validUntil attributes?

It would be nice if the legend in the timeline diagram showed the name
of the phase and not the letter.

regards
John

John Dickinson
https://sinodun.com
Sinodun Internet Technologies Ltd.
Magdalen Centre
Oxford Science Park
Robert Robinson Avenue
Oxford OX4 4GA
U.K.
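
An added example, not part of the message above and not code from IANA or the rollover proposal: a strict reading of the RFC 7958 validFrom/validUntil attributes, showing how a relying party that enforces the window would drop a KSK that is still signing after a paused rollover. The trust anchor data is constructed, the function names are hypothetical, and treating the window as validFrom <= now < validUntil is an assumption, since RFC 7958 does not define "use".

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample in the RFC 7958 layout; ids, key tags, dates and
# digests are made up and do not describe any real root zone key.
SAMPLE = """<TrustAnchor id="EXAMPLE-0000" source="http://example.invalid/root-anchors.xml">
  <Zone>.</Zone>
  <KeyDigest id="Kold" validFrom="2020-01-01T00:00:00+00:00"
             validUntil="2023-01-01T00:00:00+00:00">
    <KeyTag>11111</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
    <Digest>CONSTRUCTED-PLACEHOLDER-OLD</Digest>
  </KeyDigest>
  <KeyDigest id="Knew" validFrom="2022-07-01T00:00:00+00:00">
    <KeyTag>22222</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
    <Digest>CONSTRUCTED-PLACEHOLDER-NEW</Digest>
  </KeyDigest>
</TrustAnchor>"""


def in_window(key_digest, now):
    """Assumed interpretation: validFrom <= now < validUntil (validUntil optional)."""
    start = datetime.fromisoformat(key_digest.get("validFrom"))
    end = key_digest.get("validUntil")
    return start <= now and (end is None or now < datetime.fromisoformat(end))


def usable_key_tags(xml_text, now):
    """Key tags a strict relying party would accept as trust anchors at `now`."""
    root = ET.fromstring(xml_text)
    return [int(kd.findtext("KeyTag"))
            for kd in root.findall("KeyDigest") if in_window(kd, now)]


def stranded_if_paused(xml_text, now, signing_key_tag):
    """True if the KSK still signing the root DNSKEY set is outside its
    published window, i.e. a strict reader no longer trusts it."""
    return signing_key_tag not in usable_key_tags(xml_text, now)


if __name__ == "__main__":
    for day in ("2021-06-01", "2022-09-01", "2023-03-01"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, usable_key_tags(SAMPLE, now),
              "old key stranded:", stranded_if_paused(SAMPLE, now, 11111))
```
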