(Reordering and pruning somewhat...) On Oct 17 2018, Geoff Huston wrote: [...]
On 16 Oct 2018, at 4:37 pm, Edward Lewis <edward.lewis@icann.org> wrote: [...]
The plan is to publish a revocation of KSK-2010 on 11 January 2019. The scheduled date for the KSK Ceremony (#35) that will produce that DNSKEY set is 15 November 2018.
That phase may merit some monitoring, as it the largest response to a root zone DNSKEY query and we are aware that some resolvers fail when the response gets this large.
Also, I hope that the RFC 8145 query monitoring will continue during this period and distinguish servers that have dropped KSK-2010 from their set of trust anchors from those that have not. This may give some insight into how widespread, and how effective, RFC 5011 implementations are. -- Chris Thompson Email: cet1@cam.ac.uk