On Oct 3, 2006, at 5:19 AM, Iljitsch van Beijnum wrote:
So I think most operators would prefer to do a key rollover where
the old key remains valid indefinitely and is removed manually
rather than automatically after some time.
Somehow I can't imagine any real implementation NOT having this
capability. So you set the delete timer for "next year"... You're in
control of it.
I guess I'm making a suggestion, and if it is not reasonable then
Steve and his working group have to decide that. You raised a
concern, that the roll-over procedure could cause unintended outages.
I suggested an approach that doesn't cause unintended outages and
puts you in control of what your network does.
What it sounds like you're arguing for is turning the procedure off,
doing the change manually with the other operator on the phone, and
taking the outage when if happens. If that is indeed what you want,
then I think you want a nerd-knob that will allow you to choose your
destiny by turning the procedure off. For the rest of the world, I
can think of folks that change keys on a daily or weekly basis, or at
least tell me they do, and are really in hope of a way to automate
that in a reliable fashion. I think Steve is trying to accomplish
that for them; I certainly am.
Yes, by the way - the folks I'm thinking of are indeed concerned that
equipment that used to be under their control might become available
to someone else. In such a case, they would prefer that the keys be
destroyed and that communication cease.
Ietf mailing list