Re: [DNSOP] Informal meeting about root KSK futures at IETF 103

Mark Andrews <marka@isc.org> Tue, 30 October 2018 22:31 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD126124BE5 for <dnsop@ietfa.amsl.com>; Tue, 30 Oct 2018 15:31:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.901
X-Spam-Level:
X-Spam-Status: No, score=-6.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G2XqBpwrSYQs for <dnsop@ietfa.amsl.com>; Tue, 30 Oct 2018 15:31:56 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E533612D4F0 for <dnsop@ietf.org>; Tue, 30 Oct 2018 15:31:56 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id BEF793AB040; Tue, 30 Oct 2018 22:31:56 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id ACFCD16007E; Tue, 30 Oct 2018 22:31:56 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 9927016007D; Tue, 30 Oct 2018 22:31:56 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id jMpIFsKN6X0d; Tue, 30 Oct 2018 22:31:56 +0000 (UTC)
Received: from [172.30.42.67] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 9F8C2160067; Tue, 30 Oct 2018 22:31:55 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <alpine.DEB.2.20.1810301103240.24450@grey.csi.cam.ac.uk>
Date: Wed, 31 Oct 2018 09:31:52 +1100
Cc: Steve Crocker <steve@shinkuro.com>, dnsop <dnsop@ietf.org>, Joe Abley <jabley@hopcount.ca>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A54BF075-89AB-4460-B0B8-15BA18C5DC18@isc.org>
References: <00E03DAE-9403-49B2-8489-6F7F35D18534@icann.org> <CAJhMdTP-bh1yeOOCS+08rAMhkgyk6yZa9tpQvZ36rR7N=RoQow@mail.gmail.com> <23511.13515.365128.519464@gro.dd.org> <23511.14092.990015.593983@gro.dd.org> <CABf5zv+1XFPWaaX1x=W5pAK7rC4HYQ2OsQ4vvoADgKaQufjmBw@mail.gmail.com> <A800B089-EC3C-4DEF-95FD-3314ACB311A5@hopcount.ca> <CABf5zvL=VJdzJybYGR6pQFpapS=A9nQuPK-+vR2T7cptRkx5AQ@mail.gmail.com> <alpine.DEB.2.20.1810301103240.24450@grey.csi.cam.ac.uk>
To: Tony Finch <dot@dotat.at>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EuXJL0QUdEobK4EDBVrkblxB7t4>
Subject: Re: [DNSOP] Informal meeting about root KSK futures at IETF 103
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2018 22:31:59 -0000

Ultra frequent key rolls are not necessary.  It takes years the latest releases of name servers to make it into shipping OS’s.  The last KSK worked so well in part because there was a large amount of time between publishing the new KSK and using the new KSK.  This allowed name server vendors to publish releases with the new KSK and for those release to make it into some OS releases.

> On 30 Oct 2018, at 10:05 pm, Tony Finch <dot@dotat.at> wrote:
> 
> Steve Crocker <steve@shinkuro.com> wrote:
> 
>> I had advocated early and frequent rollovers for precisely the reason: keep
>> doing it until it’s easy, so we’re in strong agreement.
> 
> Yes, I would like to see annual rollovers. Keep that hinge greased :-)
> 
> Tony.
> -- 
> f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
> Shannon, Rockall: Cyclonic becoming west 5 to 7. Rough or very rough. Rain or
> showers. Good, occasionally poor._______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org