Roy Arends wrote:
> I find it worrying that folks intend to test or practice operational
> procedures by doing it often on a live production system. What if that
> test or practice fails? "Whoops, we were testing it on the live system,
> we failed, good thing we called it a test"
>
> There is also a risk involved by rolling keys over regularly. Especially
> when the schedule is publicly announced. "If your attack fails, we will
> have write access to the keystore _every month_, on the 1st, at exactly
> 3 am cest".
>
> I fail to see the operational benefit of "Frequent Rollover Syndrome".
Roy,
I know you understand the concept that no matter how well you practice
something in the QA lab you're never really _sure_ it works till you
do it "in the wild." I think that at least in the early days of actual
DNSSEC deployment (which we have barely stepped into atm) it's very
reasonable to exercise all parts of the system now, under (relatively)
controlled conditions so that down the road if we reach a point where
we are forced to do an emergency key rollover on an "important" zone
we'll have some level of comfort (or at least know where to look for
things to break).
Down the road I tend to agree with you that "frequent" KSK rollover
will probably not have much benefit, but if I were administering a
zone for which DNSSEC was critical I'd probably do it once a year just
to keep all parts of the machine lubricated.
Doug
--
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
