These are good questions Ondrej. As Roy pointed out its not clear if you are referring to the “inward” signalling of RFC8145 or the response-based signalling of RFC8509.
In the first roll one of the big questions was “who sees the roll” and the intent of RFC8509 was to jump in between the addition of the new key to the root zone and the actual roll to see the extent to which validating resolvers had seen the incoming key and added it to their local trusted key set. Given the way RFC8509 works there is little point performing the measurement prior to the provisioning including of the incoming key in the root zone, so there is no point in gathering data at present except to calibrate the measurement to understand the extent to which resolvers recognise the “special processing” case of the two labels defined in RFC8509. So I guess that frpm APNIC Lab’s perspective the RFC8509 measurement work starts in earnest once a schedule for the next RZ KSK roll is proposed. Geoff > On 23 Jun 2021, at 5:10 pm, Ondřej Surý <[email protected]> wrote: > > Hi, > > during the last RZ KSK rollover we scrambled to add the Root Key Sentinel > to the code and as far as I know it did give us different data than was > expected. > So, my current question is: > > - is it still useful? > - will it be useful for the next RZ KSK rollover? > - is anybody gathering the data right now? > - is anybody planning to gather the data before the next RZ KSK rollover? > > Thanks, > Ondrej > -- > Ondřej Surý (He/Him) > [email protected] > > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
