Re: [DNSOP] Informal meeting about root KSK futures at IETF 103

Dr Eberhard W Lisse <el@lisse.NA> Tue, 30 October 2018 22:38 UTC

Return-Path: <el@lisse.NA>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0077212D4F0 for <dnsop@ietfa.amsl.com>; Tue, 30 Oct 2018 15:38:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.87
X-Spam-Level:
X-Spam-Status: No, score=-0.87 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MISSING_HEADERS=1.021, SPF_PASS=-0.001, T_HK_NAME_DR=0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O6gI4LAz0Vqm for <dnsop@ietfa.amsl.com>; Tue, 30 Oct 2018 15:38:49 -0700 (PDT)
Received: from wneu.omadhina.co.na (wneu.omadhina.co.na [196.216.41.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0B70124BE5 for <dnsop@ietf.org>; Tue, 30 Oct 2018 15:38:48 -0700 (PDT)
Received: from [192.168.178.66] (xdsl-89-1-133-90.nc.de [89.1.133.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by wneu.omadhina.co.na (Postfix) with ESMTPSA id D470832C0061; Wed, 31 Oct 2018 00:38:43 +0200 (CAT)
Reply-To: el@lisse.NA
Cc: el@lisse.NA, dnsop <dnsop@ietf.org>
References: <00E03DAE-9403-49B2-8489-6F7F35D18534@icann.org> <CAJhMdTP-bh1yeOOCS+08rAMhkgyk6yZa9tpQvZ36rR7N=RoQow@mail.gmail.com> <23511.13515.365128.519464@gro.dd.org> <23511.14092.990015.593983@gro.dd.org> <CABf5zv+1XFPWaaX1x=W5pAK7rC4HYQ2OsQ4vvoADgKaQufjmBw@mail.gmail.com> <A800B089-EC3C-4DEF-95FD-3314ACB311A5@hopcount.ca> <CABf5zvL=VJdzJybYGR6pQFpapS=A9nQuPK-+vR2T7cptRkx5AQ@mail.gmail.com> <alpine.DEB.2.20.1810301103240.24450@grey.csi.cam.ac.uk> <A54BF075-89AB-4460-B0B8-15BA18C5DC18@isc.org>
From: Dr Eberhard W Lisse <el@lisse.NA>
Openpgp: preference=signencrypt
Autocrypt: addr=el@lisse.NA; prefer-encrypt=mutual; keydata= xsFNBFTW2UgBEAC+yiJJrC9Pilq+OnnMUgK2ALSA/z3Cmxtsbv18sF+Kx0ott5W8X8LFVcJ3 fwpRAXeq+yQ6QZPOtky/xsEzTVDj/b/sxP9nTi378j3ROSq74NnMEQBdGydR/VITtT7xlcUx EI9V0cWGxhOaaA1DMnKM+M7frGPjsEscv0Ep5UjeriL2cerk5h/6Hn/wre8Iks3++4KcIGgo 6Mh9XiyKre7Ki3d4B9XNxHbXi9KwnBsCmUb5Jy5xqAeNuNtBTzL0V7T0Iw3SgG/dEKcEhqdh a4bEjxpsUXm/b9bmX5qmuhbQR4/HuxJ4WONYMc8x2eJ6to+h32jZPZee6J2HZYwAh8GD+5KU 9JzzQK/ShGVDzneE64K3NIiNrX8OAx+cWCwZ2c8mlbi/czS/XRSXl0Em6ry9pC6c5a00rBOq UavHUDEKdmXcHwxQxKF6Sv5Fg8q+02BSNU/OGV08GsVJWtJlLBc1iAyUs5V5d0cqtOUrUxFv lU699mqGs7yJqladxE1awu9hqqcfY42oFCtXgT72LgK3CFNMjnsyQ0kaGFkdfqxH+lY1MvEW sq2BLFdFNSn4cqr2n5FqIwWu09sr4Vls8rdYk/cvICa/uoG2Vifs+LpuU/9Dx093Z9f4J5gF fWB2v/ZByskLRTE9UXclt/Wev2oId34jGEWPc1o1l3dNpqUE9QARAQABzSFEciBFYmVyaGFy ZCBXIExpc3NlIDxlbEBsaXNzZS5uYT7CwYEEEwECACsCGwMGCwkIBwMCBhUIAgkKCwQWAgMB Ah4BAheAAhkBBQJVYkdgBQmejVUYAAoJEJcFHaN5RT+rO24QAJDprh7eqnOpTRFcA3tAEUOG JWYMVZLa2tiui52qiOfc4DBpDqThMQo/WkUohEvyE0FwS9f4ARv6kUVfzNmqeZSNjo/wcqVw yUFduOYWBmUGtxk4Y3Cy0C7LYn0EcOc7/A582b9hPAqPz8dK7EMCd8aBFCbYZRoPQvSgmaQz r3rCGNAmd3l7CHBvEyIp7NFgvEjUBbsBF1MQDkJhuGcLqJH+N6ZPR2tAY4IImAfAOT53bqe5 OnTNnMjikFmy4Ql5+OvEDb3nDd8axneKc9tTI27QiQEsxC/8W7r0MrFtdu5GTmkqtK0Nup+j rHtUPmwi9FL25kqRdWnrclFK9yr3zwva6jvfp6YhSI+KuITWlDGfHtD7A0TwE9Dljuch/JEB 2ziadh4rNHO4Jj/nFWzdCrnd+/HdVZfjjI76Yxdf33RD/CtZ+R4QGRAmP87RRIqdWJYyIttc Kji7o5aqnFRtXO838qlU0Fo7oxZGDG9/ec7Et6B9UJc3AJ1VVPNdmf/zV/TOOozINOjN+Lna YSsUu22BRnbVoB6cs+cQtF/YR3pJRYg91t1JRep5WzZI8k++7qbGCq0shm+GWfybep4Ov3rc /2eGlX0ExmiiV7f2G0YuE03et/W83XuLEIdapyBb3XP7+xz1fdxA2hLJ/iEpoK/0AmYVc7Jr bItqfHzRTfZ6zsFNBFTW2UgBEADA98NelNqW5t1mr6PCJ9k3N6gbZM0aYBk+aJVaBNNW1SJO UOq8Z7Od7f4jvXmUdE8FKbxgfRFfLySQC8xWXObnmfomWwIG9F5usBdN+1A8ppqK0p/Skwn+ 6lQy66mG56CWpcpWV7J5H5I9rYXz2KnIrrbRJacNoz2xVxuE52Pd4X2QqHdUSeblBnd1s6YI ruzmt7QhcvDwbKJIu4ln+jfDBkWcBLDCveAhbexFD9B/nYCz3xw8sPPBSPWkc+UpdK/6Qbkj BVw+QQLpil6zJbLEEKMVgWY07f99RuNKyo0UKOl8s3scIoN4iGyxhEEOhknyw4psE3jdWb68 c3HXDNc3SjET+RVMQba433nnJT43Vv38B81R5SbgN0+9qU0GeyW4iJX9Q5k3gPWOe0X/db5v GF8PqdNPS9BKgu1X671g1SB4cHZedQw93DjhkigomOlA7RFB2VdXDS5pQZsXgJvjtPRRpSOz veDobslnFPaA14/QMFT+oGAarotSJJg2iG8m8crsDFPSh/aukUex44CkRXZ1MEb1/nNecIsT IL8cwr+F5BKP3BjLLwOLjfkc+VLcm59jRWtY0cwtby6qpfHdWXzg7ksByECQEEUX2noYw5MC kl4QnsrqFKsO3XQ69mpmhBnOx0AjfZfO+tIJ1OWxvyrYRHUCkcwzkfvN7yGtMwARAQABwsFl BBgBAgAPAhsMBQJVbZLBBQmejML5AAoJEJcFHaN5RT+rp5gP+gM3PbRsjZ57N52WPC/HTW43 /xI4BqCVbjSDb+BUDXXbXLyVEk4++EPP1GhKmBv2qLcbFUXRLqtERXu7T8J+iSux1E23lQqD HtkGtYhRyWQjh5LfCFPrXS5bbjhibRJPLaHYTm4rRzusJasw1ZNM5rwYcxvef0fXfEncDu+J tvPUbmYm2QIAw+8k+449hZiHMyo2/dw6aMG53DEtCcRBbpbP7MEC+7iu3MOVqxYocoe8biS+ gOyp7bdwVskM3F/n5oz/FRBsQoAO9n/z5eRbhq/HG81W0llUhCklNXIl5+7xAKQ2RHGJGlOf hUNXWDVa8NClzty8wUabIasFs3hZ4lTLOmbI2VjSwPSJ0s2uhDA3ce8bbVzwZCajMDzffqx2 ibdiZnBNXYG+2pDEvJtzNYkOHW7Ms3PsEUrxRpsqHWL+lEud3JaEuUkxeC2V0Rs0G+pWbY6Q m1MG9Ohvdd+TkxJJo6Qp2eI95oef2pWV5HcQWjadcZn9NVGbbV/nXSdCIM/CLViTUU7/7AKq rRyHpkT9ArdPCE89U06A25RX5hfuadLyJj+/5vv5D+VwrqWkGR2D0027qriOrHBwdzQ1JpHw d11t+z77vrKRWFwmgt1OHq+LqgP2Vhm8OjR5nf7lT/orPHoVnOfswsR5VNP9y6M1guu9iYB8 zFz9wx71rOpQ
Organization: Dr Eberhard W Lisse
Message-ID: <47aae89b-6a0c-57f6-9291-64ad0d1e29df@lisse.NA>
Date: Tue, 30 Oct 2018 23:38:40 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <A54BF075-89AB-4460-B0B8-15BA18C5DC18@isc.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/nDFlgf5GIcS8-9wigjp8az71PKs>
Subject: Re: [DNSOP] Informal meeting about root KSK futures at IETF 103
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Oct 2018 22:38:51 -0000

Mark,

but would regular rolls not put vendors into a 'habit' of getting
updates onto their package managers?

el

On 2018-10-30 23:31 , Mark Andrews wrote:
> Ultra frequent key rolls are not necessary.  It takes years the latest
> releases of name servers to make it into shipping OS’s.  The last KSK
> worked so well in part because there was a large amount of time
> between publishing the new KSK and using the new KSK. This allowed
> name server vendors to publish releases with the new KSK and for those
> release to make it into some OS releases.
> 
>> On 30 Oct 2018, at 10:05 pm, Tony Finch <dot@dotat.at> wrote:
>>
>> Steve Crocker <steve@shinkuro.com> wrote:
>>
>>> I had advocated early and frequent rollovers for precisely the
>>> reason: keep doing it until it’s easy, so we’re in strong agreement.
>>
>> Yes, I would like to see annual rollovers.  Keep that hinge greased
>> :-)
>>
>> Tony.

-- 
Dr. Eberhard W. Lisse          / Obstetrician & Gynaecologist (Saar)
el@lisse.NA            / *     |   Telephone: +264 81 124 6733 (cell)
PO Box 8421                  /
Bachbrecht, Namibia     ;____/