[dns-operations] Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories

Jay Daley jay at nzrs.net.nz
Mon Feb 8 19:43:02 UTC 2010

On 8/02/2010, at 4:31 AM, Shane Kerr wrote:

> ...
> I am wondering if we can also take something here to the reoccurring
> debate about the utility of regular KSK rollovers.
> In that debate, one argument is that since there is no cryptological
> motivation for a KSK rollover, that these should be done only when the
> KSK is possibly compromised. The other argument is that we need to do
> regular rollovers so that when an emergency rollover is necessary it
> will work.
> This strikes me as indicating that even with regular rollovers, things
> will still break. Which kind of supports the idea of rolling over only
> in emergency, doesn't it? At least in that case you *might* never have
> to go through the pain of making some domains go dark for some users....

I have a lot of sympathy for this view but I still have some questions unresolved:

1.  Is this pain if it happens, actually necessary to ensure that people learn to do things properly?

2.  Can a regular KSK rollover be scheduled to minimise the impact of the pain (in my TLD is certainly can because most of our registrants are in the same time zone) and would learning the lessons that way reduce the pain if any emergency KSK rollover were needed, which presumably could not be scheduled so?

3.  Do we need to apply "Rumsfield's Razor" (tm) to this problem - "There are known unknowns. That is to say, there are things that we now know we don’t know. But there are also unknown unknowns. These are things we do not know we don’t know." - and so be rolling KSKs in case they have been compromised but we just don't know about it?

any views?


Jay Daley
Chief Executive
.nz Registry Services
desk: +64 4 931 6977
mobile: +64 21 678840

More information about the dns-operations mailing list