[Yeti DNS Discuss] ICANN Root Zone KSK Rollover Plan
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Aug 19 16:18:02 UTC 2015
On Mon, Aug 10, 2015 at 03:34:52PM +0800,
Davey(宋林健) <ljsong at biigroup.cn> wrote
a message of 78 lines which said:
> FYI
>
> https://www.icann.org/en/system/files/files/root-zone-ksk-rollover-plan-draft-04aug15-en.pdf <https://www.icann.org/en/system/files/files/root-zone-ksk-rollover-plan-draft-04aug15-en.pdf>
Do note there is still no date determined...
I find the ICANN document basically OK but:
* the "communication plan" seems a bit light. This will be _the_ big
problem since the document clearly says that RFC 5011 and software
updates won't be sufficient.
* Among the testbeds, Yeti is not mentioned.
* About RFC 5011, the ICANN document mentions the risk of
non-implementation and the risk of bad implementation but not the risk
of bad configuration (for instance, the key in a directory where the
daemon cannot write, something current Unbound and BIND packages do
not handle automatically).
* on the governance side, the document only comes from US
organizations (ICANN, Verisign, NTIA)
More information about the discuss
mailing list