On 2 Apr 2019, at 16:53, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
Joe Abley <jabley@hopcount.ca> wrote:
I think that may be situations which pre-publication of standby keys might not mitigate. I think that we won't be sure until we write down the reasons for an emergency key-roll. As a small detail; who would make that call, and how much time would they have to make the decision?
I suspect this is not the right list to conduct a design exercise.
The question of who gets to declare a compromise, how they would decide to do so and how much time they would have to make the decision are (I think) IANA, unknown and unknown. This is a good example of interesting work that is much easier to contemplate once the KSK is rolling regularly and unremarkably.
What if our current roll process (which we will have been rehearsing a lot), can not cope with the resulting answers?
Well, the opposite ordering involves designing a policy framework for a rollover that you don't know how to execute, which seems like more of a problem. Joe