I feel backup key, and alg, are sufficiently of wide benefit, that the qualms about frequency are second-order to the primary goal of an improved outcome.

1) backups go to stability of unplanned events
2) new alg would permit a return to shorter packet sizes even across keyroll, which makes IPv6 DNS on UDP more reliable

I understand your concern, but I think it's cart-before-horse stuff. We *want* shorter crypto sigs, and we *want* more reliable behaviour in unexpected circumstances. We can't get there without another keyroll. Probably two more.

-G

On Wed, Oct 31, 2018 at 9:40 AM Mark Andrews <[email protected]> wrote:
>
> Name server vendors have NO CONTROL over when down streams pick up changes.
> We would like OS vendors to pick up maintenance releases sooner than they do.
> It would reduce the amount of time we spend diagnosing already fixed issues.
> We spend the time back porting fixes so people can have stable interfaces
> and fixed code. The more maintenance releases installed the better the bang
> for buck that work achieves.
>
> > On 31 Oct 2018, at 9:38 am, Dr Eberhard W Lisse <[email protected]> wrote:
> >
> > Mark,
> >
> > but would regular rolls not put vendors into a 'habit' of getting
> > updates onto their package managers?
> >
> > el
> >
> > On 2018-10-30 23:31 , Mark Andrews wrote:
> >> Ultra frequent key rolls are not necessary. It takes years for the latest
> >> releases of name servers to make it into shipping OS’s. The last KSK
> >> worked so well in part because there was a large amount of time
> >> between publishing the new KSK and using the new KSK. This allowed
> >> name server vendors to publish releases with the new KSK and for those
> >> releases to make it into some OS releases.
> >>
> >>> On 30 Oct 2018, at 10:05 pm, Tony Finch <[email protected]> wrote:
> >>>
> >>> Steve Crocker <[email protected]> wrote:
> >>>
> >>>> I had advocated early and frequent rollovers for precisely the
> >>>> reason: keep doing it until it’s easy, so we’re in strong agreement.
> >>>
> >>> Yes, I would like to see annual rollovers. Keep that hinge greased
> >>> :-)
> >>>
> >>> Tony.
> >
> > --
> > Dr. Eberhard W. Lisse / Obstetrician & Gynaecologist (Saar)
> > [email protected] / * | Telephone: +264 81 124 6733 (cell)
> > PO Box 8421 /
> > Bachbrecht, Namibia ;____/
> >
> > _______________________________________________
> > DNSOP mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/dnsop
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [email protected]
