[Yeti DNS Discuss] ICANN Root Zone KSK Rollover Plan
Jaap Akkerhuis
jaap at NLnetLabs.nl
Thu Aug 20 08:18:48 UTC 2015
Shane Kerr writes:
>
> Also true. I did explicitly mention that Yeti would be happy to help a
> couple times, although I did not put it in writing. (A good reminder to
> me that e-mail is actually important.)
>
> > * About RFC 5011, the ICANN document mentions the risk of
> > non-implementation and the risk of bad implementation but not the risk
> > of bad configuration (for instance, the key in a directory where the
> > daemon cannot write, something current Unbound and BIND packages do
> > not handle automatically).
>
> Yes, this is true.
>
> > * on the governance side, the document only comes from US
> > organizations (ICANN, Verisign, NTIA)
>
> Those are the only organizations involved with the current root
> management today, right? I think that all other organizations are
> involved through one of those three (mostly through ICANN).
>
> My guess is that the people who wrote the document were just
> documenting the current situation. What do you think it should say
> differently?
This is not a complete plan, but the goal of the report is:
operational recommendations intended to guide the RZM Partners in
producing a detailed impl ementation plan for executing the first
Root Zone KSK rollover.
So yes, the final plan will be limited by the current situation. We
are talking about a key roll-over with minimal disruption.
If there are comments to make to the report, make then on the Comments
Forum <http://forum.icann.org/lists/comments-root-ksk-06aug15>. That
way there is a better chance they get noticed.
jaap
More information about the discuss
mailing list