+1 Marc. On 28 Mar 2019, at 15:34, Lars-Johan Liman wrote:
All,
As I stated at the mic in the BOF:
We should look at _why_ we want to roll the key.
My take is that we want to do this to make sure that rolling the key is a non-event. We need to make sure that all resolvers handle this in a smooth fashion, and that all operators remember what to do when it happens. Ideally it will be automated everywhere.
My analogy was the diesel generators in a data centre. You don't wait for The Big Power Outage to run them, you do it every month, so that you discover potential problems, and so that all staff and equipment are "trained" to act appropriately.
Repeating the event is the only way to train the world that this is a non-event. Make the "pain" is frequent enough, and people will make sure they handle it appropriately to avoid the pain. --> Automation.
With a smooth machinery, we can roll at any time, should an emergency arise.
And yes, there is a non-trivial cost associated with rolling, but again, we can only drive down the cost by going for "mass-production". The more often we do it, the lower the cost must be, and will eventually become.
I suggest we roll on a yearly basis, but I can be convinced to agree to every two years. I also kind of like the idea to perform unannounced rolls in the future.
It. Must. Be. A. Non-event!
Cheers, /Liman -- #---------------------------------------------------------------------- # Lars-Johan Liman, M.Sc. ! E-mail: liman@netnod.se # Senior Systems Specialist ! Tel: +46 8 - 562 860 12 # Netnod Internet Exchange, Stockholm ! http://www.netnod.se/ #---------------------------------------------------------------------- _______________________________________________ ksk-rollover mailing list ksk-rollover@icann.org https://mm.icann.org/mailman/listinfo/ksk-rollover