Re: [DNSOP] Informal meeting about root KSK futures at IETF 103

Mark Andrews <marka@isc.org> Tue, 30 October 2018 23:40 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mlFdR57zUCqVB2flHKm2DSH6XHQ>

Name server vendors have NO CONTROL over when downstreams pick up changes.
We would like OS vendors to pick up maintenance releases sooner than they do.
It would reduce the amount of time we spend diagnosing already fixed issues.
We spend the time backporting fixes so people can have stable interfaces
and fixed code.  The more maintenance releases installed the better the bang
for buck that work achieves.

> On 31 Oct 2018, at 9:38 am, Dr Eberhard W Lisse <el@lisse.NA> wrote:
> 
> Mark,
> 
> but would regular rolls not put vendors into a 'habit' of getting
> updates onto their package managers?
> 
> el
> 
> On 2018-10-30 23:31 , Mark Andrews wrote:
>> Ultra frequent key rolls are not necessary.  It takes years for the latest
>> releases of name servers to make it into shipping OS’s.  The last KSK
>> worked so well in part because there was a large amount of time
>> between publishing the new KSK and using the new KSK. This allowed
>> name server vendors to publish releases with the new KSK and for those
>> releases to make it into some OS releases.
>> 
>>> On 30 Oct 2018, at 10:05 pm, Tony Finch <dot@dotat.at> wrote:
>>> 
>>> Steve Crocker <steve@shinkuro.com> wrote:
>>> 
>>>> I had advocated early and frequent rollovers for precisely the
>>>> reason: keep doing it until it’s easy, so we’re in strong agreement.
>>> 
>>> Yes, I would like to see annual rollovers.  Keep that hinge greased
>>> :-)
>>> 
>>> Tony.
> 
> -- 
> Dr. Eberhard W. Lisse          / Obstetrician & Gynaecologist (Saar)
> el@lisse.NA            / *     |   Telephone: +264 81 124 6733 (cell)
> PO Box 8421                  /
> Bachbrecht, Namibia     ;____/

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org