On Sep 23, 2014, at 9:58 AM, David Conrad <david.conrad@icann.org> wrote:
Actually, I’d say it is about:
- what do we want to do in addition to rolling the key (e.g., longer key size, change algorithms, add more keys, etc)
- the exact methodology by which we will roll the key.
- how frequently will we roll the key
- what’s going to break when we roll the key (and how do we mitigate/remedy that breakage)

I see the “when” bit as a relatively minor detail once we get the above ironed out.

+1. In fact, the "when" is dependent on some of the earlier bits. For example, doing a key roll after adding a second key has completely different operational properties for ICANN, and for the relying parties, than rolling the single current key.

--Paul Hoffman