[Yeti DNS Discuss] ICANN Root Zone KSK Rollover Plan

Shane Kerr shane at biigroup.cn
Thu Aug 20 07:49:33 UTC 2015 

Stephane,

On 2015-08-19 18:18:02+0200 (Wednesday)
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Mon, Aug 10, 2015 at 03:34:52PM +0800,
>  Davey(宋林健) <ljsong at biigroup.cn> wrote 
>  a message of 78 lines which said:
> 
> > FYI
> > 
> > https://www.icann.org/en/system/files/files/root-zone-ksk-rollover-plan-draft-04aug15-en.pdf <https://www.icann.org/en/system/files/files/root-zone-ksk-rollover-plan-draft-04aug15-en.pdf>

I sent a separate mail about Yeti plans around this document just now,
but I thought that I should reply to your mail.

> Do note there is still no date determined...

Yes... I will refrain from making a comment about the root KSK not
being rolled after 5 years as documented in the root KSK DPS, and it
being a waste of time to make a comprehensive DPS if you don't follow
it. ;)

> I find the ICANN document basically OK but:
> 
> * the "communication plan" seems a bit light. This will be _the_ big
> problem since the document clearly says that RFC 5011 and software
> updates won't be sufficient.

Yes, that's true.

> * Among the testbeds, Yeti is not mentioned.

Also true. I did explicitly mention that Yeti would be happy to help a
couple times, although I did not put it in writing. (A good reminder to
me that e-mail is actually important.) 

> * About RFC 5011, the ICANN document mentions the risk of
> non-implementation and the risk of bad implementation but not the risk
> of bad configuration (for instance, the key in a directory where the
> daemon cannot write, something current Unbound and BIND packages do
> not handle automatically).

Yes, this is true.
 
> * on the governance side, the document only comes from US
> organizations (ICANN, Verisign, NTIA)

Those are the only organizations involved with the current root
management today, right? I think that all other organizations are
involved through one of those three (mostly through ICANN).

My guess is that the people who wrote the document were just
documenting the current situation. What do you think it should say
differently?

Cheers,

--
Shane

More information about the discuss mailing list