ICANN ICANN Email List Archives

[comments-root-ksk-06aug15]


<<< Chronological Index >>>    <<< Thread Index >>>

Comments on the Design Team’s draft report on DNS Root Zone KSK Change

  • To: comments-root-ksk-06aug15@xxxxxxxxx
  • Subject: Comments on the Design Team’s draft report on DNS Root Zone KSK Change
  • From: Tim April <timapril@xxxxxxxxx>
  • Date: Mon, 5 Oct 2015 19:13:01 -0400

Hello,

Thank you for the opportunity to provide my feedback on this matter. I am
providing this comment as an individual, not representing any organization
of which I am a member.

My overall opinion of the proposed KSK rollover is that if a rollover is
going to happen at all, it should happen sooner rather than later. My
interactions with small and medium scale recursive infrastructure over the
past years do not leave me with much hope that existing or new recursive a
will be configured in such a way that the KSK rollover will occur without
any issue. I feel that further delay of the KSK rollover will only allow
other systems to be added that will handle the rollover poorly resulting in
outages for larger populations of end users.

In addition to physical deployments, I worry that the current trajectory of
of different compliance regimes, such as FISMA, starting to require both
signing and verification will result in operators not following the
conversations about the rollover who will DoS a growing number of end users.

In the event that the rollover does occur, I would also suggest that some
consideration be paid to the requirements and process that ICANN and the
root operators should follow in the event that an unacceptable number of
end users are DoSed (keeping in mind that in some cases, DoSed end users
may not being able to self report).

Please feel free to contact me if you have any other questions about my
thoughts.

--Tim April
As an individual
<timapril (at) gmail (dot) com>


<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy