On 5 Jan 2018, at 02.29, David Conrad <david.conrad@icann.org> wrote:
I share this concern, but TBH, from my experience in the outreach I was involved with personally, the response was bimodal, either:
A) boredom, having to listen to yet another talk on stuff they’d already dealt with (e.g., NANOGs, RIPE meetings, etc)
- or -
B) incomprehension, not even knowing what the letters DNS stand for. (e.g., CIO/CTO forums, non-technical venues)
The reality is that finding the right people to speak to to ensure resolvers are properly configured for the KSK rollover turns out to be quite hard.
So we don’t want to not do the rollover, we know our data is incomplete, and we know there will be an unknown amount of fallout. From the data that we do have through 8145, is there any indication that the amount of known brokenness is decreasing? Could that be used as an indicator that, despite all the tremendous effort from ICANN and others over the last months, we have no way to decrease the known fallout further, thereby assuming there’s nothing more we can do to prevent the unknown fallout either?
To be very clear, we don’t want to continue postponing. What we’re looking for is for the community to tell us in the ICANN Org how to move forward. We were surprised with the 8145 data (i.e., that we were actually getting data and the number of misconfigurations we were seeing were as high as they were). We’ve done a bit of analysis and from what little we’ve been able to ascertain, there doesn’t appear to be anything fundamentally broken with the architecture or implementations, rather misconfiguration happens. This isn’t surprising. However, now that we know concretely there will be brokenness, how much is the community willing to tolerate (and what metrics can we use to ensure we’re below that threshold).