While the registry failed, the back-end/RSP didn't. CentralNIC/Team Internet, Nominet and ICANN could have arranged for a smoother transition DNSSEC-wise. Rubens
On 20 Oct 2023, at 11:52, Michele Neylon - Blacknight via gtld-tech <gtld-tech@icann.org> wrote:
EBERO kicks in when the world is on fire and the registry has failed. I don’t see how you can force a failed registry to do anything
-- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.
From: gtld-tech <gtld-tech-bounces@icann.org <mailto:gtld-tech-bounces@icann.org>> on behalf of Wes Hardaker via gtld-tech <gtld-tech@icann.org <mailto:gtld-tech@icann.org>> Date: Friday, 20 October 2023 at 11:49 To: Dr Eberhard W Lisse via gtld-tech <gtld-tech@icann.org <mailto:gtld-tech@icann.org>> Subject: Re: [gtld-tech] .DESI to Be Placed in the Emergency Back-end Registry Operator Program
[EXTERNAL EMAIL] Please use caution when opening attachments from unrecognised sources.
Dr Eberhard W Lisse via gtld-tech <gtld-tech@icann.org> writes:
Pardon my ignorance, but would such a roll at transfer not require the collaboration of the losing Registry?
[Note: though I'm on the ICANN board, I'm both not speaking for the board and I don't have any direct knowledge of the situation of this particular event in the first place -- I'm speaking purely from a technical and personal perspective only]
That's certainly the core of the problem, but the answer depends on a lot of things like the signature timing of the current records, the TTLs of those records and the DS record, etc. You can do things to minimize the impact if you don't have the original DNSKEY but it may not be trivial if the timing constraints don't let you do something safer. Certainly one thing you shouldn't do at the same time is an algorithm roll, as that would increase the complexity significantly.
-- Wes Hardaker USC/ISI _______________________________________________ gtld-tech mailing list gtld-tech@icann.org https://mm.icann.org/mailman/listinfo/gtld-tech
________________________________________________By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ gtld-tech mailing list gtld-tech@icann.org <mailto:gtld-tech@icann.org> https://mm.icann.org/mailman/listinfo/gtld-tech
________________________________________________By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.