[ksk-change] planned vs. emergency (was Re: [ksk-rollover] root zone KSK ...)

[David Conrad]

Mike,

On Sep 21, 2014, at 12:01 PM, Michael StJohns <msj at nthpermutation.com> wrote:
> You say "5011 can't help with that scenario" ... but the truth is, NOTHING can help you with that scenario due to the one-way nature of DNS data.  

Actually, nothing _in-band to the DNS_ can help.

However, IIUC, we must be able to cope with scenarios in which we can’t trust any of the keys. I believe there are two scenarios in which this occurs: bootstrapping and catastrophic compromise of all keys.  As far as I am aware, 5011 cannot help either of these cases, so we have to have some mechanism that will allow for key {rollover,change} without the benefit of 5011.

Given this, I’m still struggling to see the benefit that 5011 brings. This is not intended as criticism of 5011, rather it is a question related to pragmatics.

Regards,
-drc

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20140921/9a1e344e/signature-0001.asc>