[ksk-rollover] [Ext] Re: Starting discussion on acceptable criteria for proceeding with the root KSK roll
S Moonesamy
sm+icann at elandsys.com
Sun Jan 7 20:19:46 UTC 2018
Hi David,
At 09:37 AM 07-01-2018, David Conrad wrote:
>Yes. But I'm still not seeing where 2020 comes in. All the above is
>saying is that the 2010 KSK was in a position to be rolled after 2015.
The first KSK was introduced in 2010. That statement is about doing
a KSK after five years. I multiplied the duration by two, hence the year 2020.
There was a discussion about the rollover in 2013. The delays since
them could be interpreted as meaning that the KSK roll is
indefinitely postponed. At some point there may be discussions about
whether all this is reliable.
>Sorry, where are you getting your numbers?
The numbers are from
https://www.icann.org/news/blog/update-on-the-root-ksk-rollover-project
>To be clear, we're now seeing about 8% of the RFC 8145-reporting
>resolvers (which is, of course, a subset of all validating
>resolvers) indicating they're configured for only KSK-2010. The
>issue is that we have no good idea of figuring out how many end
>users that percentage is representing and what the implications of
>breaking resolution for those end users will be.
According to data published by APNIC, 10.82% of DNSSEC validation
worldwide is from Google Public DNS. It should be possible to take
that number out of the equation by talking with someone at Google.
The (8%) number is not meaningful if I cannot explain it in an easily
understandable manner. Would breaking resolution have an impact
which is similar to the 2016 Dyn outage? Would it take down a
significant part of the internet in a country?
Regards,
S. Moonesamy
More information about the ksk-rollover
mailing list