At the BoF at IETF 104 I suggested the following.

 

Make the next KSK rollover scheduled.  After that, do not announce them. It is the only way to train the infrastructure to be ready to handle emergencies.

I mostly agree with this, and would totally agree if we were completely 5011 based, but that's not the case.  I think there needs to be an "interested parties" announcement even if this isn't announced widely.  E.g. ISPs that do manual configuration on roll-their-own DNS resolvers etc.

 

_______________________________________________
ksk-rollover mailing list
ksk-rollover@icann.org
https://mm.icann.org/mailman/listinfo/ksk-rollover