On Wed, Jan 31, 2018 at 9:15 AM, Robert Story <rstory@isi.edu> wrote:
On Wed 2018-01-31 07:53:51-0500 Marc wrote:
I’m not sure that supporting multiple hints files would really help. I might be wrong.
I think it could give us better information than kskroll-sentinel on how many folks are ready for the roll. To extend the idea a bit, if root servers listened on 3 addresses and there were 3 hints files (2017-ready, 2010-only, neither), we would know the status of every resolver that was updated, as soon as it was updated, without having to do any testing using ad campaigns that load pictures of fish. :-)
So, RFC8145 already gives information very similar to this... and it turns out that the information doesn't show what we thought it would -- it demonstrates the distribution of keys across *resolvers*. That's a nice metric, but fundamentally fairly useless; in my basement I have a machine BIND in a Docker instance. It only has the old key (because Docker[0]) -- this is interesting from an academic standpoint, but doesn't actually tell us anything - no-one is querying this instance. What we need (IMO, YMMV, etc) is something which exposes this information to *users* -- in an ideal world, there would be "no resolver left behind" - unfortunately that doesn't seem realistic (managed vs trusted-keys, non-5011 implementations, read-only filesystems, etc), so I think we need to focus on "minimal users left behind". I guess you could try scale 8145 (or multiple hints files) by the number of users using each resolver, but, well, that seems like you are back to the first issue.
[note: speaking for myself, not my employer.]
Hey, me too! <waves/>

W

[0]: The Docker instance doesn't have persistent storage, because it is part of a test infrastructure. It starts 5011, but usually doesn't complete it (because timers) or it completes it, and then I restart some tests and the Docker image reloads. Yes, this is a 10 minute fix, but...
--
Robert Story <http://www.isi.edu/~rstory>
USC Information Sciences Institute <http://www.isi.edu/>

_______________________________________________
ksk-rollover mailing list
ksk-rollover@icann.org
https://mm.icann.org/mailman/listinfo/ksk-rollover
--
I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
---maf