On Jan 21, 2010, at 6:03 PM, Jim Reid wrote:

> On 21 Jan 2010, at 22:11, Roy Arends wrote:
>
>> I'd recommend that 'exercise the activity' is not done on critical
>> production systems.
>
> I'd recommend the opposite. Sort of: carry out these drills in the production
> environment but clearly not on the systems that are actually handling the
> operational load.
> If your processes and policies aren't up to the job of working in a critical
> production environment, they're fundamentally broken because

Hold on a minute. I'm referring to 'exercise the activity' as in practicing the processes and policies. You are saying that processes and policies should be up to the job. Those are two different things.

> they don't do what they're supposed to do. Think about it Roy. Key rollovers
> will *have* to be done in a production environment, and not always according
> to a previously planned schedule.

Sure.

> So whatever processes and procedures someone devises for doing a key rollover
> should be robust enough to cope with emergencies such as a compromised key.

Absolutely. Until then, don't roll.

> True mission critical environments know how to handle scheduled changes and
> unplanned interventions: -- applying patches, replacing hardware, OS
> upgrades, etc -- without compromising service. In such settings, a key
> rollover would just be another thing to add to the ops team's list and it
> shouldn't matter if that rollover was planned or not.

Absolutely. I'm all for proper policies, procedures, processes. You get there by (among other things) 'exercise the activity'. I'm also for that. I'm arguing that the exercising should not be done on critical production systems.

Think about it Jim.

Roy
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
