[lacnog] Fwd: [root-ksk-ceremony] Courtesy advance notification: Announcing Draft Plan for Continuing With the Root KSK Roll

Nicolas Antoniello nantoniello en gmail.com
Jue Feb 1 12:30:12 BRST 2018


Reenvío pues puede ser de interés para varios...


---------- Forwarded message ----------
From: Matt Larson
Date: Thu, Feb 1, 2018 at 11:27 AM
Subject: [root-ksk-ceremony] Courtesy advance notification: Announcing
Draft Plan for Continuing With the Root KSK Roll
To: "root-ksk-ceremony en icann.org"


Dear colleagues,

I wanted to give you advance notice that ICANN has made a plan for
continuing with the root KSK roll based on community feedback and today we
are announcing that plan, which is published here:

https://www.icann.org/en/system/files/files/plan-
continuing-root-ksk-rollover-01feb18-en.pdf

We're also opening a public comment period to receive wider community
feedback. Below is the text of a blog post with more information that will
appear on icann.org at around 0900 PST.

Thanks and please let me know if you have any questions.

Matt

*Announcing Draft Plan For Continuing With The KSK Roll*

By Matt Larson, VP of Research, Office of Chief Technology Officer

A formal ICANN public comment period has been opened to receive community
input on a draft plan
<https://www.icann.org/en/system/files/files/plan-continuing-root-ksk-rollover-01feb18-en.pdf>
to proceed with the KSK rollover project. This comment period will run
until 1 April 2018 and we are eager to receive any and all comments.

The plan calls for rolling the root zone KSK on 11 October 2018 (one year
later than originally planned), continuing extensive outreach to notify as
many resolver operators as possible, and publishing more observations of
the RFC 8145 trust anchor report data. Additional details are contained
within the plan.

In addition, we are planning a session at ICANN61 in Puerto Rico, to
further discuss the plan and obtain additional feedback.

The draft plan follows our posting
<https://www.icann.org/news/blog/update-on-the-root-ksk-rollover-project>
in late December, in which the ICANN organization announced next steps in
the process to resume the root KSK rollover project. We described our
efforts to track down the operators of DNS resolvers that were not ready
for the rollover.

Using a protocol described in RFC 8145
<https://tools.ietf.org/rfc/rfc8145.txt>, these problematic resolvers had
reported to the root servers a trust anchor configuration with only the
current KSK (known as KSK-2010) and not the newer  KSK (known as KSK-2017).

In our December posting we also detailed the difficulty in contacting
operators, and noted that when we were able to reach an operator, we
learned that there were a variety of causes for the resolver’s lagging
configuration.

The bottom line is that these findings did not afford much clarity as to
the next steps for mitigating specific causes nor did they afford any
guidance for appropriate messaging. Faced with this situation, we announced
our intention to solicit input from the community on acceptable criteria
for proceeding with the root KSK roll.

Since that posting in December, a robust community discussion ensued
between interested community members. There was agreement during these
discussions that there is no way to accurately measure the number of users
who would be affected by rolling the root KSK, even though there was a
belief that better measurements may become available for future KSK
rollovers.

The consensus of those involved in the discussions was that the ICANN org
should proceed with rolling the root zone KSK in a timely fashion while
continuing outreach to ensure that the word of the rollover reach as wide
an audience as possible.

We look forward to continuing to work with the ICANN community to roll the
root zone KSK.


_______________________________________________
root-ksk-ceremony mailing list
root-ksk-ceremony en icann.org
https://mm.icann.org/mailman/listinfo/root-ksk-ceremony
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20180201/20352cc5/attachment.html>


Más información sobre la lista de distribución LACNOG