There are of course varying degrees of failure, so what you can and can’t do will differ significantly from one event to the next; flexibility on how to act is IMHO critical here. I don’t think we want the parties involved (ICANN, the EBERO and the failed registry) to air all the details in public and therefore we have to enact a certain level of trust.

 

Brett

-- 
Brett Carr
System Development Manager UK-DNS.

From: gtld-tech <gtld-tech-bounces@icann.org> on behalf of Michele Neylon - Blacknight via gtld-tech <gtld-tech@icann.org>
Reply to: Michele Neylon - Blacknight <michele@blacknight.com>
Date: Friday, 20 October 2023 at 10:53
To: Wes Hardaker <wjhns1@hardakers.net>, Dr Eberhard W Lisse via gtld-tech <gtld-tech@icann.org>
Subject: RE: [EXTERNAL] [gtld-tech] .DESI to Be Placed in the Emergency Back-end Registry Operator Program

 


EBERO kicks in when the world is on fire and the registry has failed.

I don’t see how you can force a failed registry to do anything.

--

Mr Michele Neylon
Blacknight Solutions


From: gtld-tech <gtld-tech-bounces@icann.org> on behalf of Wes Hardaker via gtld-tech <gtld-tech@icann.org>
Date: Friday, 20 October 2023 at 11:49
To: Dr Eberhard W Lisse via gtld-tech <gtld-tech@icann.org>
Subject: Re: [gtld-tech] .DESI to Be Placed in the Emergency Back-end Registry Operator Program


Dr Eberhard W Lisse via gtld-tech <gtld-tech@icann.org> writes:

> Pardon my ignorance, but would such a roll at transfer not require the
> collaboration of the losing Registry?

[Note: though I'm on the ICANN board, I'm both not speaking for the
board and I don't have any direct knowledge of the situation of this
particular event in the first place -- I'm speaking purely from a
technical and personal perspective only]

That's certainly the core of the problem, but the answer depends on a
lot of things like the signature timing of the current records, the TTLs
of those records and the DS record, etc.  You can do things to minimize
the impact if you don't have the original DNSKEY but it may not be
trivial if the timing constraints don't let you do something safer.
Certainly one thing you shouldn't do at the same time is an algorithm
roll, as that would increase the complexity significantly.

--
Wes Hardaker
USC/ISI