[ksk-rollover] Starting discussion on acceptable criteria for proceeding with the root KSK roll
Jacques Latour
Jacques.Latour at cira.ca
Wed Jan 10 14:50:13 UTC 2018
And we should work with all the major search engine to make the DNSSEC/DNS failure related searches are more relevant during the rollover, on terms like SERVFAIL, DNSSEC, DNS resolution failure, etc.... and links to resolve. They won't be searching for KSK rollover and it should be mobile friendly.
The google top box (don't know what's it called) should say on DNS/DNSSEC search on the day we roll the key "We just rolled the KEY, if you're experiencing DNS issues, please ..."
Jack
> -----Original Message-----
> From: ksk-rollover [mailto:ksk-rollover-bounces at icann.org] On Behalf Of Petr Špacek
> Sent: January 10, 2018 8:34 AM
> To: ksk-rollover at icann.org
> Subject: Re: [ksk-rollover] Starting discussion on acceptable criteria for proceeding with the root KSK roll
>
> On 5.1.2018 23:12, David Conrad wrote:
> > On January 5, 2018 at 2:06:10 AM, S Moonesamy (sm+icann at elandsys.com
> > <mailto:sm+icann at elandsys.com>) wrote:
> >> The plan was put on hold because of the
> >> data from September 2017. At the moment it is
> >> unknown if/when there will be a KSK roll. Is not
> >> doing a KSK roll by 2020 [1] a viable option?
> >
> > Speaking personally, I’m hoping we can do the rollover long before 2020.
> > The key is for the community to provide some sort of guidance to the
> > ICANN Org about how to move forward. So far, my impression is that to
> > date, most of the input from this mailing list has been “do it now”,
> > implying we do NOT need to assess "the impact on users” (as mentioned
> > in https://www.icann.org/news/blog/update-on-the-root-ksk-rollover-project).
> > This means that the plan that will be published on 31 January for public
> > comment will say the input we have received suggests the majority of
> > contributors do not believe we need to take potential negative impact of
> > the KSK rollover into account.
>
> I think this is misunderstanding. I haven't seen anyone saying that "we
> [do not] need to take potential negative impact of the KSK rollover into
> account", rather than "people will fix it if it really breaks".
>
> Let me state my interpretation of the discussion (in the following text,
> "contributors" reads "me"):
>
> Contributors believe that there is no way to reliably measure readiness
> for the rollover, and that tools for such measurement will not be
> available in upcoming years.
>
> ---
> While not having reliable data, contributors believe that KSK rollover
> process already got sufficient publicity and that breakage will be dealt
> with swiftly, similarly to other security issues or DDoS attacks. For
> these reasons risk of postponing KSK rollover indefinitely is deemed to
> be higher than risk of breakage which will be fixed using usual methods.
> ---
>
> I hope it helps to explain how others might read this discussion.
>
> --
> Petr Špaček @ CZ.NIC
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
More information about the ksk-rollover
mailing list