[RZERC] FINAL RZERC Feedback on the Updated Plan for Continuing the Root KSK Rollover

Carlos M. Martinez carlos at lacnic.net
Wed Aug 1 20:15:26 UTC 2018


I do agree that we did indeed have some discussion on the topic.

On 2018-08-01 5:13 p.m., Russ Mundy wrote:
> Hi Peter,
>
> I’m afraid that I have to agree with Jim’s objection to your objection. I’m fairly certain that we did have a short discussion about the issue during our meeting in Panama and there were no objections raised in that meeting or in the mail list/doc review times to the sentence.  
>
> From your email, it sounds like you’re interpreting the meaning of regular to infer “frequent” rollovers [for some value of “frequent”] - the sentence you object to does not state a time or timeframe for the rollovers so I don’t think it should be viewed as an RZERC recommendation for frequent rollovers.  Rather, it says that future rollovers should be scheduled to take place at predefined regular intervals.  
>
> There are both commercial software vendors and open source software products that have contributed to the “8145 single/static key” problem that have been discussed in various public forums, see:
>
> http://www.iepg.org/2018-07-15-ietf102/github-trust-anchors.pdf
>
> I think that the problem of software with only one static key indirectly impeding root KSK was part of the earlier RZERC discussions which is, I believe, the reason that the sentence is in the document.
>
> So from both a process perspective and an actual content perspective, I am strongly in favor of retaining the sentence in the final RZERC document.
>
> Russ 
>
>> On Aug 1, 2018, at 11:42 AM, Peter Koch <pk at DENIC.DE> wrote:
>>
>> Steve, fellow RZERC members,
>>
>> On Tue, Jul 31, 2018 at 06:25:26PM +0000, Steve Sheng wrote:
>>
>>>  If there are no further comments, this response will be sent to ICANN by 2 August.
>> thanks for providing this updated document. With regret, I have to raise one issue:
>>
>> The final sentence
>>
>> 	Once an initial rollover has taken place, the RZERC suggests that future
>> 	rollovers be done at predefined regular intervals in order to minimise the
>> 	risks arising from static configurations that may harm future changes to the root KSK
>>
>> This issue is not relevant to the question in front of the committee. Also, to the best
>> of my knowledge, this sentence was not discussed during the AC call - I'd have raised
>> my objection back then. Also, on its substance, we do not have any research or
>> other information available to us that would support a statement about frequent
>> rollovers.  Finally, it is unclear that 'static configurations' are at the core of the
>> operational issue or the 8145 observations, respectively.
>>
>> RZERC might want to engage in discussing a shift to frequent rollovers (and now that the
>> Board has asked RZERC explicitly about KSK rollover, the fact that the rollover was
>> started before RZERC came into existence seems no longer valid).  If the committee
>> members agree that the issue of frequent rollover is important, we should address the
>> issue in a proper advice, not en passant to the Board response.  Any immediate
>> remark would preempt a future, more elaborate response.
>>
>> So, I consent to the text circulated on 31 July, provided the final sentence is removed.
>>
>> Best regards,
>>    Peter
>> _______________________________________________
>> RZERC mailing list
>> RZERC at icann.org
>> https://mm.icann.org/mailman/listinfo/rzerc
