[dns-operations] Why roll the KSK? (was Sad news today: systemd-resolved to be deployed in Ubuntu 16.10)

Paul Vixie vixie at tisf.net
Mon Jun 6 21:31:50 UTC 2016

Andrew Sullivan wrote:
> It's important to recall that RFC 5011 was chosen from an array of
> competing proposals according to a requirements document that DNSEXT
> produced something like 10 years ago.  There's something instructive
> in that, because the requirements were conceived in an environment
> quite different from the one where we are.  Perhaps this suggests
> that, in developing standards, requirements documents can do as much
> harm as good: it's hard actually to understand requirements of a
> system you haven't really built yet.

+1. as the author of a competing proposal, i'm not bitter, but i do wish 
that the WG had insisted on multiple interoperable implementations 
including at least one in open source, for each proposal, and insisted 
on a connect-a-thon style bakeoff, before choosing a winner.

yeti-dns is about to start its first KSK roll experiment, using RFC 
5011. i expect to be enlightened, one way or the other, by the results.

P Vixie
