[RSSAC Caucus] Collected KSK comments
George Michaelson
ggm at algebras.org
Mon Dec 16 06:32:14 UTC 2019
On Mon, Dec 16, 2019 at 2:55 PM Fred Baker <fred at isc.org> wrote:
> The proposal should include measurement. (George: specifically what would you like to measure?)
Generally:
* Active experimentation in things like APNIC Labs, ATLAS, other models.
* Passive capture in things like DITL root operator
captures/samples/logs, so we can do before/during/after checks.
Specific things it might be worth doing:
* count cutover from UDP to TCP due to TC/Frag effects. change in
underlying UDP/TCP ratios
* count failure to complete DNNSEC. (presumed as 'excess query load
in DNSSEC contexts, more than before the increase in packetsize)
* count of changes in query load,
* increases in non-DNSSEC query (presumed as 'because of failure')
* any packet level measure which is capable of identifying code
type/version, visible changes in version (signs of adoption of new
code, with known capabilities)
I see potential for deliberate A/B testing even within a root letter:
de-cohere state for some fraction of responses, (reply with variant
legal responses) and see how things change, but this might be
contentious, more likely to cause surprise. breaks POLA.
(declaration of interest: I work with people who measure DNS in APNIC,
RIPE, I am chair of the DNS OARC)
More information about the rssac-caucus
mailing list