at one point in early discussions, there was a suggestion that the signature validity period expire in 2040, after the unix epoch. the thinking was, the # of conversions that would need to be done then would make it an ideal time to also roll the keys. and in some alternate universe, that might make lots of sense.

RFC 5011 does make certain presumptions. The nature of what it means to be connected and what, if any, field upgrade capability exists have changed.

So will you acknowledge O'Dell's law or not? Will those of you who have a dog in this fight want regular existence proof that the backup plans work or not? (The data center analogy of regularly testing the backup generators comes to mind.)

Mike has drilled down on a very good point re emergency rollover.

/bill
PO Box 12317
Marina del Rey, CA 90295
310.322.8102

On Monday, 22 September 2014, at 15:48, Tomofumi Okubo <tomofumi.okubo@gmail.com> wrote:
Hello David,
On Mon, Sep 22, 2014 at 3:04 PM, David Conrad <david.conrad@icann.org> wrote:
> Perhaps there is some confusion: is anyone actually suggesting we don’t do key rollovers?

I had an impression that some people are not too enthusiastic about it. I'm sorry if I misread it.

> I certainly am not (if there is any doubt).

No doubt there.

> I am trying to draw assumptions and implications out so we can discuss them more fully, with some vague hope of reaching consensus.

Sounds good to me.
Thanks,
Tomofumi
_______________________________________________
ksk-rollover mailing list
ksk-rollover@icann.org
https://mm.icann.org/mailman/listinfo/ksk-rollover