[RZERC] FINAL RZERC Feedback on the Updated Plan for Continuing the Root KSK Rollover

Russ Mundy mundy at tislabs.com
Wed Aug 1 20:13:23 UTC 2018 

Hi Peter,

I’m afraid that I have to agree with Jim’s objection to your objection. I’m fairly certain that we did have a short discussion about the issue during our meeting in Panama and there were no objections raised in that meeting or in the mail list/doc review times to the sentence.  

From your email, it sounds like you’re interpreting the meaning of regular to infer “frequent” rollovers [for some value of “frequent”] - the sentence you object to does not state a time or timeframe for the rollovers so I don’t think it should be viewed as an RZERC recommendation for frequent rollovers.  Rather, it says that future rollovers should be scheduled to take place at predefined regular intervals.  

There are both commercial software vendors and open source software products that have contributed to the “8145 single/static key” problem that have been discussed in various public forums, see:

http://www.iepg.org/2018-07-15-ietf102/github-trust-anchors.pdf

I think that the problem of software with only one static key indirectly impeding root KSK was part of the earlier RZERC discussions which is, I believe, the reason that the sentence is in the document.

So from both a process perspective and an actual content perspective, I am strongly in favor of retaining the sentence in the final RZERC document.

Russ 

> On Aug 1, 2018, at 11:42 AM, Peter Koch <pk at DENIC.DE> wrote:
> 
> Steve, fellow RZERC members,
> 
> On Tue, Jul 31, 2018 at 06:25:26PM +0000, Steve Sheng wrote:
> 
>>  If there are no further comments, this response will be sent to ICANN by 2 August.
> 
> thanks for providing this updated document. With regret, I have to raise one issue:
> 
> The final sentence
> 
> 	Once an initial rollover has taken place, the RZERC suggests that future
> 	rollovers be done at predefined regular intervals in order to minimise the
> 	risks arising from static configurations that may harm future changes to the root KSK
> 
> This issue is not relevant to the question in front of the committee. Also, to the best
> of my knowledge, this sentence was not discussed during the AC call - I'd have raised
> my objection back then. Also, on its substance, we do not have any research or
> other information available to us that would support a statement about frequent
> rollovers.  Finally, it is unclear that 'static configurations' are at the core of the
> operational issue or the 8145 observations, respectively.
> 
> RZERC might want to engage in discussing a shift to frequent rollovers (and now that the
> Board has asked RZERC explicitly about KSK rollover, the fact that the rollover was
> started before RZERC came into existent, seems no longer valid.  If the committee
> members agree that the issue of frequent rollover is important, we should address the
> issue in a proper advice, not en passant to the Board response.  Any immediate
> remark would preempt a future, more elaborate response.
> 
> So, I consent to the text circulated on 31 July, provided the final sentence is removed.
> 
> Best regards,
>    Peter
> _______________________________________________
> RZERC mailing list
> RZERC at icann.org
> https://mm.icann.org/mailman/listinfo/rzerc

More information about the RZERC mailing list