[Yeti DNS Discuss] ICANN Root Zone KSK Rollover Plan

Jaap Akkerhuis jaap at NLnetLabs.nl
Thu Aug 20 08:18:48 UTC 2015

 Shane Kerr writes:

 > Also true. I did explicitly mention that Yeti would be happy to help a
 > couple times, although I did not put it in writing. (A good reminder to
 > me that e-mail is actually important.) 
 > > * About RFC 5011, the ICANN document mentions the risk of
 > > non-implementation and the risk of bad implementation but not the risk
 > > of bad configuration (for instance, the key in a directory where the
 > > daemon cannot write, something current Unbound and BIND packages do
 > > not handle automatically).
 > Yes, this is true.
 > > * on the governance side, the document only comes from US
 > > organizations (ICANN, Verisign, NTIA)
 > Those are the only organizations involved with the current root
 > management today, right? I think that all other organizations are
 > involved through one of those three (mostly through ICANN).
 > My guess is that the people who wrote the document were just
 > documenting the current situation. What do you think it should say
 > differently?

This is not a complete plan, but the goal of the report is:

    operational recommendations intended to guide the RZM Partners in
    producing a detailed impl ementation plan for executing the first
    Root Zone KSK rollover.

So yes, the final plan will be limited by the current situation. We
are talking about a key roll-over with minimal disruption.

If there are comments to make to the report, make then on the Comments
Forum <http://forum.icann.org/lists/comments-root-ksk-06aug15>. That
way there is a better chance they get noticed.


More information about the discuss mailing list