On 14. 03. 19 12:01, Warren Kumari wrote:
So, my original "gut feel" was approximately every year, and I still feel that that is roughly the right frequency -- but, I think that we first need to figure out what the cause of the increase in DNSKEY lookups is - it concerns me that we predicted no impact from the revocation, and we got... this. I think that, assuming we figure out the causes of the increase (and understand them well enough that we are fairly sure that they won't jump again!), my gut still says ~1year -- but, more research needed...
As a producer of a DNS validating CPE device/router, I must say, I am not very excited about frequent roll-overs. If your device stays at a retailer store for some time, you might be in a trouble. So I would prefer some longer periods. But it is more important how much in advance is the new key known/published. Ondrej
W
-------------------------------------------------------------------------------- Victorious warriors win first and then go to war, Defeated warriors go to war first and then seek to win. Sun Tzu
_______________________________________________ ksk-rollover mailing list ksk-rollover@icann.org <mailto:ksk-rollover@icann.org> https://mm.icann.org/mailman/listinfo/ksk-rollover
-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
_______________________________________________ ksk-rollover mailing list ksk-rollover@icann.org https://mm.icann.org/mailman/listinfo/ksk-rollover
-- ( CZ.NIC z.s.p.o. ) ------------------------------------------------- Ondrej Filip - CEO Office : Milesovska 5, Praha 3, Czech Republic Email : ondrej.filip@nic.cz http://www.nic.cz Private: feela@network.cz -------------------------------------------------