--- Begin Message ---
Hi,
We’ve looked at root sentinel data (RFC 8509) in our study of the Root KSK
rollover but back then it was not widely deployed [1].
According to [2] support is rising slowly, so it might be more useful before
the next rollover.
So personally, from a research point of view, I would not abandon it yet even
though the signal must be interpreted with care.
—
Moritz
[1] Roll Roll Roll Your Root: A Comprehensive Analysis of the First Ever DNSSEC
Root KSK Rollover
https://www.sidnlabs.nl/downloads/3mSYgcR3dYeCZvMQItOS1G/0b898a6a4407a64d52401b302fb098d5/author_version.pdf
[2] https://dnsthought.nlnetlabs.nl/#ta_20326
> On 23 Jun 2021, at 15:23, Roy Arends <[email protected]> wrote:
>
> Hi Ondrej
>
>> On 23 Jun 2021, at 08:10, Ondřej Surý <[email protected]> wrote:
>>
>> Hi,
>>
>> during the last RZ KSK rollover we scrambled to add the Root Key Sentinel
>> to the code and as far as I know it did give us different data than was
>> expected.
>
> I am going to assume you are referring to RFC8145 (Signaling Trust Anchor
> Knowledge in DNSSEC) and not RFC8509 (A Root Key Trust Anchor Sentinel for
> DNSSEC). My apologies if you meant the latter, as I have no information on
> that.
>
>> So, my current question is:
>>
>> - is it still useful?
>
> Personally, I find it interesting data, but I currently have no business case
> for it.
>
>> - will it be useful for the next RZ KSK rollover?
>
> It may be.
>
>> - is anybody gathering the data right now?
>
> We (the Office of the CTO at ICANN) received accumulated stats from Root
> Server Operators before and during the last rollover. We do not receive them
> currently. While we have access to IMRS traffic data, we do not currently
> process RFC8145 signals.
>
>> - is anybody planning to gather the data before the next RZ KSK rollover?
>
> I am going to assume that that is going to happen.
>
> Hope this helps!
>
> Warmly,
>
> Roy
>
>
>>
>> Thanks,
>> Ondrej
>> --
>> Ondřej Surý (He/Him)
>> [email protected]
>>
>>
>> _______________________________________________
>> dns-operations mailing list
>> [email protected]
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
>
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
signature.asc
Description: Message signed with OpenPGP
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
