[dns-operations] Why roll the KSK? (was Sad news today: systemd-resolved to be deployed in Ubuntu 16.10)
vixie at tisf.net
Mon Jun 6 21:31:50 UTC 2016
Andrew Sullivan wrote:
> It's important to recall that RFC 5011 was chosen from an array of
> competing proposals according to a requirements document that DNSEXT
> produced something like 10 years ago. There's something instructive
> in that, because the requirements were conceived in an environment
> quite different from the one where we are. Perhaps this suggests
> that, in developing standards, requirements documents can do as much
> harm as good: it's hard actually to understand requirements of a
> system you haven't really built yet.
+1. as the author of a competing proposal, i'm not bitter, but i do wish
that the WG had insisted on multiple interoperable implementations
including at least one in open source, for each proposal, and insisted
on a connect-a-thon style bakeoff, before choosing a winner.

yeti-dns is about to start its first KSK roll experiment, using RFC
5011. i expect to be enlightened, one way or the other, by the results.