Joe Abley <jabley@hopcount.ca> wrote:
> The question of whether and how often to roll the KSK seems to me to be
> the least interesting of all the work to be done around KSK management,
> but since it also seems to block discussion of any of the more
> entertaining subjects, the following is my opinion. You'll note the
> justification for the proposed end-state is missing, as are detailed
> suggestions for how we get there. Both are available on demand :-)

Let me start by saying that I concur with you completely. I think that
some have asked why we are rolling at all, in order to more precisely
understand what threats we are mitigating.

> 4. An emergency key-roll due to key compromise (of any number of
> flavours) will be expected, easy to execute and easy to understand from
> the client side. Contributing oil on the wheels might be long-timebase
> pre-publication of standby keys and the processes for an emergency roll
> closely resembling (or being identical to) processes for a scheduled
> roll.

I think there may be situations which pre-publication of standby keys
might not mitigate. I think that we won't be sure until we write down
the reasons for an emergency key-roll. As a small detail: who would make
that call, and how much time would they have to make the decision?

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
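Joe's point 4 and Michael's reply turn on what a pre-published standby key actually buys validators during an emergency roll. The Go program below is an added illustration, not part of this thread and not anybody's production code: it models a resolver's trust-anchor store with real Ed25519 signature checks, and assumes a simplified DNSKEY/RRSIG model, constructed key tags 1001 and 1002, and a placeholder byte string standing in for the RRset.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// KSK models a key-signing key. Validators hold only the public half as a
// trust anchor; key tags and the "RRset" payload are constructed placeholders.
type KSK struct {
	Tag  uint16
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewKSK generates a fresh Ed25519 key pair under a caller-chosen tag.
func NewKSK(tag uint16) (*KSK, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &KSK{Tag: tag, Pub: pub, priv: priv}, nil
}

// SignedSet stands in for a DNSKEY RRset plus its RRSIG.
type SignedSet struct {
	Payload   []byte
	SignerTag uint16
	Sig       []byte
}

// Sign produces the signed set for payload under this KSK.
func (k *KSK) Sign(payload []byte) SignedSet {
	return SignedSet{Payload: payload, SignerTag: k.Tag, Sig: ed25519.Sign(k.priv, payload)}
}

// Validator is a resolver's configured trust-anchor store, keyed by tag.
type Validator struct {
	Anchors map[uint16]ed25519.PublicKey
}

func NewValidator() *Validator {
	return &Validator{Anchors: map[uint16]ed25519.PublicKey{}}
}

// AddAnchor installs a KSK's public half. For a standby key this happens
// long before the key ever signs anything (pre-publication).
func (v *Validator) AddAnchor(k *KSK) { v.Anchors[k.Tag] = k.Pub }

// RemoveAnchor is what a validator does once told a KSK is compromised.
func (v *Validator) RemoveAnchor(tag uint16) { delete(v.Anchors, tag) }

// Validate accepts a set only if a currently trusted anchor signed it.
func (v *Validator) Validate(s SignedSet) error {
	pub, ok := v.Anchors[s.SignerTag]
	if !ok {
		return fmt.Errorf("no trust anchor for key tag %d", s.SignerTag)
	}
	if !ed25519.Verify(pub, s.Payload, s.Sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// EmergencyRollScenario plays out a compromise of the active KSK with a
// pre-published standby, comparing a validator that installed the standby
// anchor in advance with one that never did.
func EmergencyRollScenario() (preparedOK, preparedRejectsOld, unpreparedOK bool, err error) {
	active, err := NewKSK(1001)
	if err != nil {
		return
	}
	standby, err := NewKSK(1002)
	if err != nil {
		return
	}
	payload := []byte("example. IN DNSKEY (constructed placeholder RRset)")

	prepared := NewValidator()
	prepared.AddAnchor(active)
	prepared.AddAnchor(standby) // pre-published well ahead of any roll
	unprepared := NewValidator()
	unprepared.AddAnchor(active) // never configured the standby

	// Steady state: sets signed by the active KSK validate everywhere.
	if err = unprepared.Validate(active.Sign(payload)); err != nil {
		return
	}
	// Emergency roll: the active KSK is declared compromised. The signer moves
	// to the standby; validators that hear of the compromise drop the old anchor.
	oldSigned, newSigned := active.Sign(payload), standby.Sign(payload)
	prepared.RemoveAnchor(active.Tag)
	unprepared.RemoveAnchor(active.Tag)

	preparedOK = prepared.Validate(newSigned) == nil
	preparedRejectsOld = prepared.Validate(oldSigned) != nil
	unpreparedOK = unprepared.Validate(newSigned) == nil
	return
}
```

The validator that installed the standby anchor ahead of time keeps validating the moment the signer switches keys and the compromised anchor is withdrawn, with nothing new to distribute; the one that did not has no route back to a validated chain without out-of-band anchor distribution, which is the gap an emergency roll procedure has to plan for. What the model leaves out is exactly Michael's question: who decides the active key is compromised, and how fast, sits entirely outside the code.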