INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers
Dear RSSAC Caucus, The IANA has published a Proposal for Future Root Zone KSK Rollovers and is soliciting public comments on it. <https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-...> The RSSAC wishes to solicit feedback from the Caucus to determine its response. Please review the proposal and if you have comments please send them to this list by December 15th. Depending on the comments and discussion generated on this list the RSSAC may kick off a quick work party to draft input, or we may just continue using this list for development of the document. The final deadline for input is January 31, 2020. So we don’t have too much time to get something ready. Thanks, Andrew
The proposal needs to address algorithm rollover in more detail. Why is it not proposed for this next change, when adoption of shorter hash/signatures would impact directly on the packetsize related problems of extended periods of operation with increased signature counts? The one paragraph write up is a get out clause. I think we should promote an intent, subject to this review and testing, to perform this role in the next 3 year cycle. The word "measurement" does not occur anywhere in the text. Apart from that, I think its a well written document. I could quibble to the timing, but 3 feels like a rational choice from a human process centric view. I like the alternate/replacement key pre-gen stuff. I think thats good. Forward planning. -G On Wed, Dec 4, 2019 at 7:49 AM Andrew McConachie <andrew.mcconachie@icann.org> wrote:
Dear RSSAC Caucus,
The IANA has published a Proposal for Future Root Zone KSK Rollovers and is soliciting public comments on it. <https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-...>
The RSSAC wishes to solicit feedback from the Caucus to determine its response. Please review the proposal and if you have comments please send them to this list by December 15th. Depending on the comments and discussion generated on this list the RSSAC may kick off a quick work party to draft input, or we may just continue using this list for development of the document.
The final deadline for input is January 31, 2020. So we don’t have too much time to get something ready.
Thanks, Andrew _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
On Wed, 4 Dec 2019 at 07:01, George Michaelson <ggm@algebras.org> wrote:
The proposal needs to address algorithm rollover in more detail. Why is it not proposed for this next change, when adoption of shorter hash/signatures would impact directly on the packetsize related problems of extended periods of operation with increased signature counts?
+1 there should be a predictable timeline for algorithm rollover and as a result a advance timeline for study, review, and testing work on this. Otherwise there will be no actual work on this.
Davey
Dear RSSAC Caucus, A friendly reminder to send in any feedback by December 15th. Thanks, Andrew On Dec 3, 2019, at 22:49, Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> wrote: Dear RSSAC Caucus, The IANA has published a Proposal for Future Root Zone KSK Rollovers and is soliciting public comments on it. <https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-... [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_public-2Dcomments_proposal-2Dfuture-2Drz-2Dksk-2Drollovers-2D2019-2D11-2D01-2Den&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=KNEpS67O2txk54bIz-1lXP0tI5Rmtg88Ogwh6PVSGXJyTMuY0E2SHr70jrG3fGLJ&m=YoEr8VEKz6dca-SGMKWvE03nw_u3sPlsVD0NNpEPcHM&s=iSIeBJOqhJGp75k8Ljg2x9X2ytOJJS9p0ftdFWwR7q0&e=>> The RSSAC wishes to solicit feedback from the Caucus to determine its response. Please review the proposal and if you have comments please send them to this list by December 15th. Depending on the comments and discussion generated on this list the RSSAC may kick off a quick work party to draft input, or we may just continue using this list for development of the document. The final deadline for input is January 31, 2020. So we don’t have too much time to get something ready. Thanks, Andrew _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org<mailto:rssac-caucus@icann.org> https://mm.icann.org/mailman/listinfo/rssac-caucus _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_p... ) and the website Terms of Service (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_t... ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Hi, I think the document is explicit enough and I hope it can be implemented. Abdulkarim On Wed, Dec 11, 2019 at 4:06 PM Andrew McConachie < andrew.mcconachie@icann.org> wrote:
Dear RSSAC Caucus,
A friendly reminder to send in any feedback by *December 15th*.
Thanks, Andrew
On Dec 3, 2019, at 22:49, Andrew McConachie <andrew.mcconachie@icann.org> wrote:
Dear RSSAC Caucus,
The IANA has published a Proposal for Future Root Zone KSK Rollovers and is soliciting public comments on it. <https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-... [icann.org] <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_public-2D...>
The RSSAC wishes to solicit feedback from the Caucus to determine its response. Please review the proposal and if you have comments please send them to this list by *December 15th*. Depending on the comments and discussion generated on this list the RSSAC may kick off a quick work party to draft input, or we may just continue using this list for development of the document.
The final deadline for input is January 31, 2020. So we don’t have too much time to get something ready.
Thanks, Andrew _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy ( https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_p... ) and the website Terms of Service ( https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_t... ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- Website <http://www.unilorin.edu.ng>, Weekly Bulletin <http://www.unilorin.edu.ng/index.php/bulletin> UGPortal <http://uilugportal.unilorin.edu.ng/> PGPortal <https://uilpgportal.unilorin.edu.ng/>
I also agree, lets go ahead & implement the same. Regards Shailesh Gupta 512826, +91 7208076162 From: rssac-caucus <rssac-caucus-bounces@icann.org> On Behalf Of ABDULKARIM AYOPO OLOYEDE Sent: Saturday, December 14, 2019 0:11 To: Andrew McConachie <andrew.mcconachie@icann.org> Cc: RSSAC Caucus <rssac-caucus@icann.org> Subject: Re: [RSSAC Caucus] INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi, I think the document is explicit enough and I hope it can be implemented. Abdulkarim On Wed, Dec 11, 2019 at 4:06 PM Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> wrote: Dear RSSAC Caucus, A friendly reminder to send in any feedback by December 15th. Thanks, Andrew On Dec 3, 2019, at 22:49, Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> wrote: Dear RSSAC Caucus, The IANA has published a Proposal for Future Root Zone KSK Rollovers and is soliciting public comments on it. <https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-... [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_public-2Dcomments_proposal-2Dfuture-2Drz-2Dksk-2Drollovers-2D2019-2D11-2D01-2Den&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=KNEpS67O2txk54bIz-1lXP0tI5Rmtg88Ogwh6PVSGXJyTMuY0E2SHr70jrG3fGLJ&m=YoEr8VEKz6dca-SGMKWvE03nw_u3sPlsVD0NNpEPcHM&s=iSIeBJOqhJGp75k8Ljg2x9X2ytOJJS9p0ftdFWwR7q0&e=>> The RSSAC wishes to solicit feedback from the Caucus to determine its response. Please review the proposal and if you have comments please send them to this list by December 15th. Depending on the comments and discussion generated on this list the RSSAC may kick off a quick work party to draft input, or we may just continue using this list for development of the document. The final deadline for input is January 31, 2020. So we don’t have too much time to get something ready. Thanks, Andrew _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org<mailto:rssac-caucus@icann.org> https://mm.icann.org/mailman/listinfo/rssac-caucus _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_p... ) and the website Terms of Service (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_t... ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org<mailto:rssac-caucus@icann.org> https://mm.icann.org/mailman/listinfo/rssac-caucus _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. Website<http://www.unilorin.edu.ng>, Weekly Bulletin<http://www.unilorin.edu.ng/index.php/bulletin> UGPortal<http://uilugportal.unilorin.edu.ng/> PGPortal<https://uilpgportal.unilorin.edu.ng/>
The only comment I have that root-dnssec-announce should be grow from time to time to have all resolver operators and making them about about any future rollover process. Thanks a lot. All the Best, Abdalmonem Tharwat Galila Deputy Manager, Dot Masr Registry, Operation Sector. [NTRA Logo 2016] National Telecommunication Regulatory Authority [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523405_telephone] Office Tel.: +2 02 35341582<tel:02%2035341582> - +2 02 35341300<tel:02%2035341300> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Mobile] Mobile: +2 010 00049068<tel:010%2000049068> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: ICON] Fax : +2 02 35370537<tel:02%2035370537> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: oNLINE] Website : http:\\www.mcit.gov.eg<http://www.mcit.gov.eg/> : http:\\www.tra.gov.eg<http://www.mcit.gov.eg/> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523294_email] E-mail : agalila@mcit.gov.eg<mailto:agalila@mcit.gov.eg> : atharwat@tra.gov.eg<mailto:atharwat@tra.gov.eg> [Description: 1447802547_skype] Skype : abdalmonem.galila [Description: static_qr_code_without_logo] [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523469_error]DISCLAIMER This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify your system support manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the National Telecom Regulatory Authority (NTRA) . Finally, the recipient should check this email and any attachments for the presence of viruses. The NTRA accepts no liability for any damage caused by any virus transmitted by this email. From: rssac-caucus [mailto:rssac-caucus-bounces@icann.org] On Behalf Of Gupta Shailesh Sent: Saturday, December 14, 2019 6:42 AM To: ABDULKARIM AYOPO OLOYEDE <oloyede.aa@unilorin.edu.ng>; Andrew McConachie <andrew.mcconachie@icann.org> Cc: RSSAC Caucus <rssac-caucus@icann.org> Subject: Re: [RSSAC Caucus] INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers I also agree, lets go ahead & implement the same. Regards Shailesh Gupta 512826, +91 7208076162 From: rssac-caucus <rssac-caucus-bounces@icann.org<mailto:rssac-caucus-bounces@icann.org>> On Behalf Of ABDULKARIM AYOPO OLOYEDE Sent: Saturday, December 14, 2019 0:11 To: Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> Cc: RSSAC Caucus <rssac-caucus@icann.org<mailto:rssac-caucus@icann.org>> Subject: Re: [RSSAC Caucus] INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi, I think the document is explicit enough and I hope it can be implemented. Abdulkarim On Wed, Dec 11, 2019 at 4:06 PM Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> wrote: Dear RSSAC Caucus, A friendly reminder to send in any feedback by December 15th. Thanks, Andrew On Dec 3, 2019, at 22:49, Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> wrote: Dear RSSAC Caucus, The IANA has published a Proposal for Future Root Zone KSK Rollovers and is soliciting public comments on it. <https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-... [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_public-2Dcomments_proposal-2Dfuture-2Drz-2Dksk-2Drollovers-2D2019-2D11-2D01-2Den&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=KNEpS67O2txk54bIz-1lXP0tI5Rmtg88Ogwh6PVSGXJyTMuY0E2SHr70jrG3fGLJ&m=YoEr8VEKz6dca-SGMKWvE03nw_u3sPlsVD0NNpEPcHM&s=iSIeBJOqhJGp75k8Ljg2x9X2ytOJJS9p0ftdFWwR7q0&e=>> The RSSAC wishes to solicit feedback from the Caucus to determine its response. Please review the proposal and if you have comments please send them to this list by December 15th. Depending on the comments and discussion generated on this list the RSSAC may kick off a quick work party to draft input, or we may just continue using this list for development of the document. The final deadline for input is January 31, 2020. So we don’t have too much time to get something ready. Thanks, Andrew _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org<mailto:rssac-caucus@icann.org> https://mm.icann.org/mailman/listinfo/rssac-caucus _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_p... ) and the website Terms of Service (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_t... ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org<mailto:rssac-caucus@icann.org> https://mm.icann.org/mailman/listinfo/rssac-caucus _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on. Website<http://www.unilorin.edu.ng>, Weekly Bulletin<http://www.unilorin.edu.ng/index.php/bulletin> UGPortal<http://uilugportal.unilorin.edu.ng/> PGPortal<https://uilpgportal.unilorin.edu.ng/>
Question for you. My understanding, which may be incorrect, is that root-dnssec-announce is composed of people who have signed up - people who want to be on it. Your statement leads me to believe that resolver operators are being denied access, or at least you believe that they are. Is that correct? If I'm correct, resolver operators that are not on it need to add themselves to it.
On Dec 14, 2019, at 1:19 AM, Abdalmonem Tharwat Galila <agalila@mcit.gov.eg> wrote:
The only comment I have that root-dnssec-announce should be grow from time to time to have all resolver operators and making them about about any future rollover process.
Thanks a lot.
All the Best, Abdalmonem Tharwat Galila Deputy Manager, Dot Masr Registry, Operation Sector.
[NTRA Logo 2016] National Telecommunication Regulatory Authority [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523405_telephone] Office Tel.: +2 02 35341582<tel:02%2035341582> - +2 02 35341300<tel:02%2035341300> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Mobile] Mobile: +2 010 00049068<tel:010%2000049068> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: ICON] Fax : +2 02 35370537<tel:02%2035370537> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: oNLINE] Website : http:\\www.mcit.gov.eg<http://www.mcit.gov.eg/> : http:\\www.tra.gov.eg<http://www.mcit.gov.eg/> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523294_email] E-mail : agalila@mcit.gov.eg<mailto:agalila@mcit.gov.eg> : atharwat@tra.gov.eg<mailto:atharwat@tra.gov.eg> [Description: 1447802547_skype] Skype : abdalmonem.galila [Description: static_qr_code_without_logo] [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523469_error]DISCLAIMER This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify your system support manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the National Telecom Regulatory Authority (NTRA) . Finally, the recipient should check this email and any attachments for the presence of viruses. The NTRA accepts no liability for any damage caused by any virus transmitted by this email.
From: rssac-caucus [mailto:rssac-caucus-bounces@icann.org] On Behalf Of Gupta Shailesh Sent: Saturday, December 14, 2019 6:42 AM To: ABDULKARIM AYOPO OLOYEDE <oloyede.aa@unilorin.edu.ng>; Andrew McConachie <andrew.mcconachie@icann.org> Cc: RSSAC Caucus <rssac-caucus@icann.org> Subject: Re: [RSSAC Caucus] INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers
I also agree, lets go ahead & implement the same.
Regards Shailesh Gupta 512826, +91 7208076162
From: rssac-caucus <rssac-caucus-bounces@icann.org<mailto:rssac-caucus-bounces@icann.org>> On Behalf Of ABDULKARIM AYOPO OLOYEDE Sent: Saturday, December 14, 2019 0:11 To: Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> Cc: RSSAC Caucus <rssac-caucus@icann.org<mailto:rssac-caucus@icann.org>> Subject: Re: [RSSAC Caucus] INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi, I think the document is explicit enough and I hope it can be implemented.
Abdulkarim
On Wed, Dec 11, 2019 at 4:06 PM Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> wrote: Dear RSSAC Caucus,
A friendly reminder to send in any feedback by December 15th.
Thanks, Andrew
On Dec 3, 2019, at 22:49, Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> wrote:
Dear RSSAC Caucus,
The IANA has published a Proposal for Future Root Zone KSK Rollovers and is soliciting public comments on it. <https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-... [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_public-2Dcomments_proposal-2Dfuture-2Drz-2Dksk-2Drollovers-2D2019-2D11-2D01-2Den&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=KNEpS67O2txk54bIz-1lXP0tI5Rmtg88Ogwh6PVSGXJyTMuY0E2SHr70jrG3fGLJ&m=YoEr8VEKz6dca-SGMKWvE03nw_u3sPlsVD0NNpEPcHM&s=iSIeBJOqhJGp75k8Ljg2x9X2ytOJJS9p0ftdFWwR7q0&e=>>
The RSSAC wishes to solicit feedback from the Caucus to determine its response. Please review the proposal and if you have comments please send them to this list by December 15th. Depending on the comments and discussion generated on this list the RSSAC may kick off a quick work party to draft input, or we may just continue using this list for development of the document.
The final deadline for input is January 31, 2020. So we don’t have too much time to get something ready.
Thanks, Andrew _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org<mailto:rssac-caucus@icann.org> https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_p... ) and the website Terms of Service (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_t... ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org<mailto:rssac-caucus@icann.org> https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Website<http://www.unilorin.edu.ng>, Weekly Bulletin<http://www.unilorin.edu.ng/index.php/bulletin> UGPortal<http://uilugportal.unilorin.edu.ng/> PGPortal<https://uilpgportal.unilorin.edu.ng/>
<winmail.dat>_______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Fred, thanks for your below reply , I am not meaning at all that they are denied, I am talking about resolvers operators should be there on the list and I am looking in how to get them all sign up. I hope my point is clear now. Sent from my iPhone
On Dec 14, 2019, at 9:18 PM, Fred Baker <fred@isc.org> wrote:
Question for you. My understanding, which may be incorrect, is that root-dnssec-announce is composed of people who have signed up - people who want to be on it. Your statement leads me to believe that resolver operators are being denied access, or at least you believe that they are. Is that correct?
If I'm correct, resolver operators that are not on it need to add themselves to it.
On Dec 14, 2019, at 1:19 AM, Abdalmonem Tharwat Galila <agalila@mcit.gov.eg> wrote:
The only comment I have that root-dnssec-announce should be grow from time to time to have all resolver operators and making them about about any future rollover process.
Thanks a lot.
All the Best, Abdalmonem Tharwat Galila Deputy Manager, Dot Masr Registry, Operation Sector.
[NTRA Logo 2016] National Telecommunication Regulatory Authority [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523405_telephone] Office Tel.: +2 02 35341582<tel:02%2035341582> - +2 02 35341300<tel:02%2035341300> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Mobile] Mobile: +2 010 00049068<tel:010%2000049068> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: ICON] Fax : +2 02 35370537<tel:02%2035370537> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: oNLINE] Website : http:\\www.mcit.gov.eg<http://www.mcit.gov.eg/> : http:\\www.tra.gov.eg<http://www.mcit.gov.eg/> [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523294_email] E-mail : agalila@mcit.gov.eg<mailto:agalila@mcit.gov.eg> : atharwat@tra.gov.eg<mailto:atharwat@tra.gov.eg> [Description: 1447802547_skype] Skype : abdalmonem.galila [Description: static_qr_code_without_logo] [Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523469_error]DISCLAIMER This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify your system support manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the National Telecom Regulatory Authority (NTRA) . Finally, the recipient should check this email and any attachments for the presence of viruses. The NTRA accepts no liability for any damage caused by any virus transmitted by this email.
From: rssac-caucus [mailto:rssac-caucus-bounces@icann.org] On Behalf Of Gupta Shailesh Sent: Saturday, December 14, 2019 6:42 AM To: ABDULKARIM AYOPO OLOYEDE <oloyede.aa@unilorin.edu.ng>; Andrew McConachie <andrew.mcconachie@icann.org> Cc: RSSAC Caucus <rssac-caucus@icann.org> Subject: Re: [RSSAC Caucus] INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers
I also agree, lets go ahead & implement the same.
Regards Shailesh Gupta 512826, +91 7208076162
From: rssac-caucus <rssac-caucus-bounces@icann.org<mailto:rssac-caucus-bounces@icann.org>> On Behalf Of ABDULKARIM AYOPO OLOYEDE Sent: Saturday, December 14, 2019 0:11 To: Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> Cc: RSSAC Caucus <rssac-caucus@icann.org<mailto:rssac-caucus@icann.org>> Subject: Re: [RSSAC Caucus] INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Hi, I think the document is explicit enough and I hope it can be implemented.
Abdulkarim
On Wed, Dec 11, 2019 at 4:06 PM Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> wrote: Dear RSSAC Caucus,
A friendly reminder to send in any feedback by December 15th.
Thanks, Andrew
On Dec 3, 2019, at 22:49, Andrew McConachie <andrew.mcconachie@icann.org<mailto:andrew.mcconachie@icann.org>> wrote:
Dear RSSAC Caucus,
The IANA has published a Proposal for Future Root Zone KSK Rollovers and is soliciting public comments on it. <https://www.icann.org/public-comments/proposal-future-rz-ksk-rollovers-2019-... [icann.org]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_public-2Dcomments_proposal-2Dfuture-2Drz-2Dksk-2Drollovers-2D2019-2D11-2D01-2Den&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=KNEpS67O2txk54bIz-1lXP0tI5Rmtg88Ogwh6PVSGXJyTMuY0E2SHr70jrG3fGLJ&m=YoEr8VEKz6dca-SGMKWvE03nw_u3sPlsVD0NNpEPcHM&s=iSIeBJOqhJGp75k8Ljg2x9X2ytOJJS9p0ftdFWwR7q0&e=>>
The RSSAC wishes to solicit feedback from the Caucus to determine its response. Please review the proposal and if you have comments please send them to this list by December 15th. Depending on the comments and discussion generated on this list the RSSAC may kick off a quick work party to draft input, or we may just continue using this list for development of the document.
The final deadline for input is January 31, 2020. So we don’t have too much time to get something ready.
Thanks, Andrew _______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org<mailto:rssac-caucus@icann.org> https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_p... ) and the website Terms of Service (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_privacy_t... ). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org<mailto:rssac-caucus@icann.org> https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Website<http://www.unilorin.edu.ng>, Weekly Bulletin<http://www.unilorin.edu.ng/index.php/bulletin> UGPortal<http://uilugportal.unilorin.edu.ng/> PGPortal<https://uilpgportal.unilorin.edu.ng/>
<winmail.dat>_______________________________________________ rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
On Dec 14, 2019, at 11:26 AM, Abdalmonem Tharwat Galila <agalila@mcit.gov.eg> wrote:
I am not meaning at all that they are denied, I am talking about resolvers operators should be there on the list and I am looking in how to get them all sign up.
So be it. They can go to https://mm.icann.org/mailman/listinfo/root-dnssec-announce and add their inscriptions. That's how the rest of us get onto mailing lists. By all means, please invite them to do so.
While I concur with most of the proposed guidelines on the key rollover interval(s), I have particular misgivings on the duration of Phase D (KSK standby state). Why should this phase last for two years? Publishing a KSK but not deploying it for two years potentially invites an attacker to exploit possible vulnerabilities with either the properties of the key or key generation algorithm. The ROCA <https://en.wikipedia.org/wiki/ROCA_vulnerability>vulnerability shows that even 2048-bit RSA is susceptible to exploitation. If phase D could be reduced a reasonably shorter duration (1-1.5 years) this problem could be mitigated. However, if this duration is pretty short and will inconvenience the dissemination of the KSK to OS and DNS software vendors, then considerations should be proposed for using a longer KSK key length of 3072-bit RSA. Best Regards, Paul Muchene
Sending again using the right email address...
On Dec 15, 2019, at 12:31 AM, Paul M <paulitrix@gmail.com> wrote:
considerations should be proposed for using a longer KSK key length of 3072-bit RSA.
I ran across an interesting article in that context: https://www.zdnet.com/article/1-in-every-172-active-rsa-certificates-are-vul...
then considerations should be proposed for using a longer KSK key length of 3072-bit RSA.
Larger size of key of RSA is not a right direction. If people think the 2048-bit RSA is strong enough, larger size of key will only result large size of DNSKEY and the response. If you think we should strengthen it, why not switch to ECC give a reasonable timeline in future. Davey
I'd support Davey's idea to move ECDSA or ED25519 based algorithm to have better protection. It also contribute minimizing UDP fragmentation and TCP fallback. It has been shown in the case of .BR algorithm migration which was presented by NIC.BR people in Madrid ICANN meeting. I understand it may not appropriate to schedule algorithm rollover in the next KSK rollover. But it may be essential that ICANN will announce that algorithm rollover may be performed in the second-next (KSK-2023?) rollver as well and that ICANN encourages people to be ready for efficient algorthm. -- Akira Kato From: Davey Song <songlinjian@gmail.com> Subject: Re: [RSSAC Caucus] INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers Date: Mon, 16 Dec 2019 11:34:05 +0800
then considerations should be proposed for using a longer KSK key length of 3072-bit RSA.
Larger size of key of RSA is not a right direction. If people think the 2048-bit RSA is strong enough, larger size of key will only result large size of DNSKEY and the response. If you think we should strengthen it, why not switch to ECC give a reasonable timeline in future.
Davey
The ecosystem is not yet ready fo ED25519, but the next KSK Rollover should definitely consider using ECDSA256 as a first choice. The KSK rollover process must include an algorithm change assessment step, where the responsible KSK rollover team would perform measurement of the algorithm change effect. With TLDs and big operators already running or deploying NIST EC algorithm, I believe the algorithm change to ECDSA would be the timed just right for the next rollover. JFTR The design team for the last KSK Rollover has specifically ruled out algorithm change (for details see the design document), but the next KSK rollover should definitely switch to EC algorithm. As a side note - the ROCA is a vulnerability in the implementation. This should not affect a key size decision making process in any way. Ondrej -- Ondřej Surý ondrej@sury.org
On 18 Dec 2019, at 11:40, Akira Kato <kato@wide.ad.jp> wrote:
I'd support Davey's idea to move ECDSA or ED25519 based algorithm to have better protection. It also contribute minimizing UDP fragmentation and TCP fallback. It has been shown in the case of .BR algorithm migration which was presented by NIC.BR people in Madrid ICANN meeting.
I understand it may not appropriate to schedule algorithm rollover in the next KSK rollover. But it may be essential that ICANN will announce that algorithm rollover may be performed in the second-next (KSK-2023?) rollver as well and that ICANN encourages people to be ready for efficient algorthm.
-- Akira Kato
From: Davey Song <songlinjian@gmail.com> Subject: Re: [RSSAC Caucus] INPUT REQUESTED: Proposal for Future Root Zone KSK Rollovers Date: Mon, 16 Dec 2019 11:34:05 +0800
then considerations should be proposed for using a longer KSK key length of 3072-bit RSA.
Larger size of key of RSA is not a right direction. If people think the 2048-bit RSA is strong enough, larger size of key will only result large size of DNSKEY and the response. If you think we should strengthen it, why not switch to ECC give a reasonable timeline in future.
Davey
rssac-caucus mailing list rssac-caucus@icann.org https://mm.icann.org/mailman/listinfo/rssac-caucus
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
participants (10)
-
Abdalmonem Tharwat Galila -
ABDULKARIM AYOPO OLOYEDE -
Akira Kato -
Andrew McConachie -
Davey Song -
Fred Baker -
George Michaelson -
Gupta Shailesh -
Ondřej Surý -
Paul M