Root signing comments
Hello, I don't have technical or chronological comments on this, but I think I have some operational (running unsigned authoritative and validating recursive DNS servers for a few thousand users) insight that might be useful. The short version of this is, "Don't screw up."
Key rollover might not be 'hard' in the computer science sense, but several zone operators Who Ought To Know Better have recently failed at this. (IANA or ARIN broke 0.1.6.2.ip6.arpa a while ago, and Comcast broke one of their zones recently.)
When a zone authoritatively fails (because KSK rollover didn't work right), then validating servers return SERVFAIL, while non-validating servers return the correct answer. To end users, this looks like the validating servers are broken, which makes running validating servers "painful."
Zone signatures aren't any good if nobody validates. I know that I'm about one more incident away from turning off validation, and I doubt that I'm alone in that. I think that there are a lot of DNS operators that haven't turned on validation because they perceive that DNS spoofing attacks happen less frequently than signing and rollover errors; the cure appears (at least for now?) to be worse than the disease.
So please:
1. Be very sure that this works right;
2. Be sure that it keeps working right.
3. Publish how you did #1 and #2 so that other People Who Ought To Know Better (and maybe someday mere mortals like me) can do this right.
Thanks for considering this, --David Burns
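The failure mode the comment above describes (a KSK rollover after which validating resolvers SERVFAIL while non-validating ones keep answering) comes down to one linkage: the parent's DS record must match a DNSKEY the child is actually publishing. The following is an added example, not part of the comment or of any IANA tooling; it implements the DS digest and key tag computation from RFC 4034 and uses them as a pre-change check that an operator can run against a proposed DNSKEY RRset and DS RRset before touching production. The key bytes, zone name `example.` and the two rollover scripts are constructed for illustration; algorithm 13 and flag values 257/256 are the real DNSSEC code points. RRSIG validity is not modelled, only the DS-to-DNSKEY chain, so a "intact" result here is necessary but not sufficient for validation to succeed.

```python
import hashlib
import struct


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 s6.2):
    lowercase, length-prefixed labels, terminated by the root label."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(struct.pack("B", len(l)) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol (always 3), 1-byte algorithm, key material."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (the 16-bit checksum that DS uses to name a key)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types


def ds_digest(owner: str, rdata: bytes, digest_type: int = 2) -> bytes:
    """DS digest = hash(canonical owner name || DNSKEY RDATA), RFC 4034 s5.1.4."""
    return DIGESTS[digest_type](name_to_wire(owner) + rdata).digest()


def make_ds(owner: str, rdata: bytes, digest_type: int = 2):
    """Build the DS tuple (key tag, algorithm, digest type, digest) a parent would publish."""
    return (key_tag(rdata), rdata[3], digest_type, ds_digest(owner, rdata, digest_type))


def chain_is_intact(owner: str, dnskey_rrset, ds_rrset) -> bool:
    """True if at least one parent DS matches a zone-key DNSKEY the child publishes.
    If this is False, every validating resolver will SERVFAIL for the zone."""
    for tag, alg, dtype, digest in ds_rrset:
        for rdata in dnskey_rrset:
            flags = struct.unpack("!H", rdata[:2])[0]
            if not flags & 0x0100:          # not a zone key: can never anchor the chain
                continue
            if rdata[3] == alg and key_tag(rdata) == tag and ds_digest(owner, rdata, dtype) == digest:
                return True
    return False


# Constructed sample keys; the byte runs stand in for real public key material.
ZONE = "example."
OLD_KSK = dnskey_rdata(257, 3, 13, bytes(range(1, 33)))
NEW_KSK = dnskey_rdata(257, 3, 13, bytes(range(100, 132)))
ZSK = dnskey_rdata(256, 3, 13, bytes(range(200, 232)))


def broken_rollover():
    """Child swaps to NEW_KSK before the parent DS changes: the window the comment warns about."""
    ds_at_parent = [make_ds(ZONE, OLD_KSK)]
    return [
        ("before rollover", chain_is_intact(ZONE, [OLD_KSK, ZSK], ds_at_parent)),
        ("new KSK live, parent DS still old", chain_is_intact(ZONE, [NEW_KSK, ZSK], ds_at_parent)),
    ]


def double_ds_rollover():
    """Double-DS rollover (RFC 6781 style): add the new DS first, wait out the DS TTL,
    then swap KSKs, then retire the old DS. The chain stays intact at every step."""
    ds_at_parent = [make_ds(ZONE, OLD_KSK)]
    steps = [("before rollover", chain_is_intact(ZONE, [OLD_KSK, ZSK], ds_at_parent))]
    ds_at_parent.append(make_ds(ZONE, NEW_KSK))              # step 1: publish new DS at parent
    steps.append(("both DS published", chain_is_intact(ZONE, [OLD_KSK, ZSK], ds_at_parent)))
    # (wait at least the parent DS TTL here before continuing)
    steps.append(("KSK swapped", chain_is_intact(ZONE, [NEW_KSK, ZSK], ds_at_parent)))
    ds_at_parent = [make_ds(ZONE, NEW_KSK)]                  # step 3: retire old DS
    steps.append(("old DS removed", chain_is_intact(ZONE, [NEW_KSK, ZSK], ds_at_parent)))
    return steps


if __name__ == "__main__":
    for label, fn in (("broken", broken_rollover), ("double-DS", double_ds_rollover)):
        for step, ok in fn():
            print(f"{label:9} {step:36} {'intact' if ok else 'BROKEN -> SERVFAIL at validators'}")
```

Run the same `chain_is_intact` check with the real DNSKEY RRset you are about to publish and the DS RRset currently in the parent (and again after each planned step) before the change goes live; a False at any step is exactly the state in which validating resolvers fail while non-validating ones look fine.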