Salz, Rich via ksk-rollover (ksk-rollover) writes:
* I mostly agree with this, and would totally agree if we were completely 5011 based, but that's not the case. I think there needs to be an "interested parties" announcement even if this isn't announced widely. E.g. ISPs that do manual configuration on roll-their-own DNS resolvers etc.
If you pre-announce to interested parties, then you are not helping those parties learn how to handle unannounced emergencies.
+1. The one thing that worries me most here is that if we don't make KSK rollovers part of something your software and/or distro deals with automatically, each pre-announced roll will result in huge amounts of time and resources wasted on long threads on various mailing lists, with the risk of bringing the n+1 roll to a grinding halt if the least doubt arises. We are nearly 9 *years* into the signed root. Mission accomplished?
As Pieter wrote:
There are non-5011 ways to get the anchors (e.g. time fetches of the XML). But a list for announcements to interested parties, without the publication fanfare makes sense to not spring this on people.
... so yeah, work with the vendors/distros, make this as automatic and normal as possible, so we can use our time on other issues that haven't been solved yet ;)
Cheers,
Phil