[ksk-rollover] will there be another keyrollover?

[Kim Davies]

Hi Michael, Hi all,

In brief, we have two separate initiatives:

1.	Performing a conventional rollover (i.e. no algorithm change), as we did in 2018.
2.	Studying what is involved in doing an algorithm rollover

Both initiatives we'd intended to kick off in 2020 but have been frozen due to the pandemic, which resulted in a mandate to limit operations to core essentials, and also gave us a lack of confidence we could get the right level of community participation.

On the conventional rollover, since we've now been able to _mostly_ return to normal KSK operations in recent months we do think we are able to plan out the next rollover with more certainty. We are seeking full community participation for the next KSK rollover, particularly for the key generation ceremony which is relatively early in the process. That planning work is underway. 

For the algorithm rollover we are developing a project that will involve studying what is involved and coming up with a set of requirements that IANA would need to operationalize. It is expected this work will be conducted in a similar matter to the design team that created requirements for the original rollover. We are aiming to kick this project off at what is being dubbed the "IANA community day" adjacent to the ICANN DNS Symposium (see https://www.icann.org/ids) in mid-November.

kim

On 1/9/2022, 12:42 pm, "ksk-rollover on behalf of Michael Richardson via ksk-rollover" <ksk-rollover-bounces at icann.org on behalf of ksk-rollover at icann.org> wrote:


    Seeing the monthly reminder of my mailing list membership.
    (mailman needed to randomize the chosen reminder date)

    Anyone done any experiments with signed root using some of the NIST
    candidates?    RFC8806 keeps looking better and better to me.


    --
    Michael Richardson <mcr+IETF at sandelman.ca>   . o O ( IPv6 IøT consulting )
               Sandelman Software Works Inc, Ottawa and Worldwide