Supplemental comments on Root Zone KSK Rollover
Dear ICANN staff members:Given that the ISOC comment on the KSK rollover provides a clear articulation of the rationales for a proactive root KSK rollover program by ICANN, I see the need to provide an additional comment on the issue.
The arguments in my earlier comment are on the record and they are in many respects opposing the ISOC rationale elements.
The perspective of a successful root KSK rollover program is envisioned by ISOC in these terms:
"The end result of this initial period is that rolling the root zone KSK should become a routine operation that is regularly executed by ICANN without any impacts to the DNS and to DNSSEC validation. At the point that it becomes routine ICANN will then be ready to perform an unscheduled root zone KSK rollover should such an event ever become required."
In a security analysis with a key management focus, the new context would see a shift of the single point of failure from the DNS root KSK private key components to whatever private cryptographic key material (e.g. a standby private key component) would be required for performing a legitimate rollover operation. In the same line of thoughts as in my previous comment, I doubt the Internet community actually benefits from this mere shifting of focus for operational security measures surrounding a system-wide master key.
-- - Thierry Moreau