Not knowing any of the .WED facts, I could speculate that an orderly transition (clean roll) can be one of the last things on a losing registry’s mind. 

el

-- 
Sent from my iPhone
On Oct 18, 2023 at 16:10 +0200, Bill Woodcock via gtld-tech <gtld-tech@icann.org>, wrote:
As I said, I’m not talking about .DESI specifically, as I’m well aware that I’m not in possession of all the facts. As I said, I was speaking from my observations of .WED.

-Bill



On Oct 18, 2023, at 16:08, Carr, Brett via gtld-tech <gtld-tech@icann.org> wrote:

Disclaimer (I no longer work for an EBERO), I think we need to be a little careful about calling people lazy and suggesting they are slacking off is not helpful when we aren't in possession of all the facts and decision making processes that led this and previous transitions into this space.

Brett

--
Brett Carr
System Development Manager UK-DNS.






On 18/10/2023, 15:02, "gtld-tech on behalf of Bill Woodcock via gtld-tech" <gtld-tech-bounces@icann.org <mailto:gtld-tech-bounces@icann.org> on behalf of gtld-tech@icann.org <mailto:gtld-tech@icann.org>> wrote:


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.






My argument isn’t that .DESI specifically does or should matter to anyone who isn’t a registrant.


My argument is that if something’s worth doing, it’s worth doing well. There’s no point in being able to exercise the process for a clean roll, and not doing so. The effort is relatively trivial, and it’s good practice for when it’s needed. Always slacking off and doing dirty rolls because you’re lazy, you don’t get any practice running the necessary process, so when you do need it, you’re unprepared. That’s just bad policy.


-Bill






On Oct 18, 2023, at 12:21, Michele Neylon - Blacknight <michele@blacknight.com <mailto:michele@blacknight.com>> wrote:

https://ntldstats.com/tld/desi <https://ntldstats.com/tld/desi>
Tiny numbers of everything
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/ <https://www.blacknight.com/>
https://blacknight.blog/ <https://blacknight.blog/>
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/ <https://michele.blog/>
Some thoughts: https://ceo.hosting/ <https://ceo.hosting/>
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.
From: gtld-tech <gtld-tech-bounces@icann.org <mailto:gtld-tech-bounces@icann.org>> on behalf of Dr Eberhard W Lisse via gtld-tech <gtld-tech@icann.org <mailto:gtld-tech@icann.org>>
Date: Wednesday, 18 October 2023 at 11:15
To: Bill Woodcock <woody@pch.net <mailto:woody@pch.net>>
Cc: gtld-tech@icann.org <mailto:gtld-tech@icann.org> <gtld-tech@icann.org <mailto:gtld-tech@icann.org>>
Subject: Re: [gtld-tech] .DESI to Be Placed in the Emergency Back-end Registry Operator Program
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.
Bill,

my understanding is that this is a FAILED Registry which in July asked ICANN to terminate so this probably means they stopped engaging (which might have implications about the cleanliness of the roll) and the number of registrants is small and thus presumably don’t care about signing if even about their names at all.


el

-- Sent from my iPhone
On Oct 18, 2023 at 09:22 +0200, Bill Woodcock <woody@pch.net <mailto:woody@pch.net>>, wrote:

Thank you for the reference, Eberhard.

“If there is sufficient time and the EBERO, ICANN and failing registry operator concur on implementation details, a pre-publication strategy may be used.”

That seems like very weak sauce to me, and in actual fact was insufficient to protect registrants’ interests in having a clean roll. The EBERO being lazy does not seem to me to be sufficient reason to allow a dirty roll.

-Bill




On Oct 18, 2023, at 09:17, Dr Eberhard W Lisse via gtld-tech <gtld-tech@icann.org <mailto:gtld-tech@icann.org>> wrote:

https://www.icann.org/en/system/files/files/common-transition-process-manual-21dec22-en.pdf <https://www.icann.org/en/system/files/files/common-transition-process-manual-21dec22-en.pdf>

el

--
Sent from my iPhone
On Oct 18, 2023 at 01:02 +0200, Bill Woodcock via gtld-tech <gtld-tech@icann.org <mailto:gtld-tech@icann.org>>, wrote:

On Oct 17, 2023, at 21:07, Viktor Dukhovni via gtld-tech <gtld-tech@icann.org <mailto:gtld-tech@icann.org>> wrote:

On Tue, Oct 17, 2023 at 12:38:13PM +0000, Francisco Arias via gtld-tech wrote:


ICANN is transferring the operation of the .DESI gTLD to an Emergency
Back-end Registry Operator (EBERO) to ensure the continued operation
of the generic top-level domain (gTLD) and protect registrants. As
part of this transfer, .DESI has transitioned from a secure DNSSEC
state to an insecure DNSSEC state (i.e., the DS records for .DESI have
been removed from the root zone). After the transfer, ICANN will work
with the designated EBERO provider to transition the .DESI gTLD back
to a secure state (i.e., signing the zone for .DESI and adding new DS
records for .DESI in the root zone). After evaluating available
options, we believe the temporary move to an insecure state was the
best available option.

I gather a graceful key rollover from the current algorithm 8
(RSASHA256) KSK to a new KSK for the same algorithm at the new operator
was not an option?

All that this would have required of the new operator is to add the new
providers KSK and ZSK to the DNSKEY RRset, augment the zone apex NS
RRset and resign the zone.

So presumably the prior operator was unable and/or unwilling to sign
updated zone apex DNSKEY and RRsets?

Or was this just a "risk" decision. It would be reassuring to know that
for more "critical" zones there is, when/if needed, a more graceful,
known to work process.

I think it’s just a matter of policy. The one instance of this that I watched up-close, when .WED was placed on EBERO, it was a fully functional registry, the EBERO operator was offered a clean roll, and they just ignored it and did a dirty roll without responding to any of the coordination attempts.

So, policy, but very bad policy.

-Bill


_______________________________________________
gtld-tech mailing list
gtld-tech@icann.org <mailto:gtld-tech@icann.org>
https://mm.icann.org/mailman/listinfo/gtld-tech <https://mm.icann.org/mailman/listinfo/gtld-tech>

________________________________________________By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy <https://www.icann.org/privacy/policy>) and the website Terms of Service (https://www.icann.org/privacy/tos <https://www.icann.org/privacy/tos>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________
gtld-tech mailing list
gtld-tech@icann.org <mailto:gtld-tech@icann.org>
https://mm.icann.org/mailman/listinfo/gtld-tech <https://mm.icann.org/mailman/listinfo/gtld-tech>

________________________________________________By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy <https://www.icann.org/privacy/policy>) and the website Terms of Service (https://www.icann.org/privacy/tos <https://www.icann.org/privacy/tos>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.










Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg, R.C.S. Luxembourg B186284

Amazon Web Services EMEA Sarl, UK Branch, 1 Principal Place, Worship Street, London, EC2A 2FA, United Kingdom, registered in England and Wales, UK Establishment No. BR019315


_______________________________________________
gtld-tech mailing list
gtld-tech@icann.org
https://mm.icann.org/mailman/listinfo/gtld-tech

________________________________________________By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.



_______________________________________________
gtld-tech mailing list
gtld-tech@icann.org
https://mm.icann.org/mailman/listinfo/gtld-tech

________________________________________________By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.