A proposed schedule for rolling the root key
- To: comments-root-zone-consultation-08mar13@xxxxxxxxx
- Subject: A proposed schedule for rolling the root key
- From: Doug Barton <dougb@xxxxxxxxxxxxx>
- Date: Sat, 27 Apr 2013 17:22:11 -0700

1. Announce a date around 6 months in advance when the key will be rolled
2. Roll it
3. Wait a minimum of 3 months after the first roll to triage the damage
4. Once the community feels that we have a handle on what went wrong the
first time (IOW, some time after the 3 months), announce a second roll
in 3-6 months' time.
5. Roll it again
6. Wait another 3 months; hopefully there will be less fallout after the
second roll
7. Announce a third roll in 3-6 months
8. Assuming the third roll goes well, set a schedule for the next one.
Two years is a nice round number.

Unfortunately, it's inevitable that things will break when the key is
rolled. I don't envy those at ICANN who will be dealing with both the
pre-roll PR, and the fallout. :)

However, it has to be done, and sooner is better than later. The chances
that the root key is susceptible to any currently known cryptographic
attack are very, very tiny at the moment. However, at this stage of the
game an emergency key rollover (for whatever reason) would be
disastrous, more for PR reasons than technical ones.

hope this helps,
Doug