Hi George,

On 2010-09-30, at 06:45, George Barwood wrote:

> Not directly related to this draft ( it's probably out of scope ), but is 
> there any guidance on the timing of rollover of the Trust Anchor for the Root 
> Zone?

We have issued no guidance for this to date beyond

(a) in an emergency, a root zone KSK roll-over may happen uncomfortably 
quickly, depending on the type of emergency;

(b) we don't anticipate a scheduled key roll-over to happen earlier than 3 years (our 
messaging as mentioned "3 to 5 years");

(c) the roll-over will follow RFC5011.

Part of the reason (b) is vague is due to (c) -- we don't know how pervasive 
RFC5011 support is, and we expect RFC5011 support to be important for a large 
proportion of DNSSEC users. We know that the practical lifetime of software in 
the field can be long, and so presumably even if RFC5011 was universally 
shipping in validators today there would still be a necessary delay before we 
could expect it to be usefully available.

I would certainly expect any scheduled roll-over to be announced (and the trust 
anchor published) well in advance of the retirement of the old KSK.

We would be happy to hear thoughts from the community on what process and 
timing makes sense. If the dnsop chairs are happy for that conversation to 
happen here, we are listening.


Joe
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
