Public Comment is a vital part of our multistakeholder model. It provides a mechanism for stakeholders to have their opinions and recommendations formally and publicly documented. It is an opportunity for the ICANN community to effect change and improve policies and operations.
Contenido disponible solo en los siguientes idiomas
I support the move from RSA to ECDSA for the Root KSK. It makes sense from both a performance and long-term security perspective, especially considering response sizes and the need to avoid unnecessary fragmentation during DNSSEC validation.
The double-signing approach looks reasonable, but I think the biggest risk is still around resolver behavior in the real world. While major implementations support ECDSA, there are always edge cases, especially with older systems or environments where trust anchors are not updated properly. That part will probably be where issues show up first.
It would be helpful to have more visibility into how resolvers are behaving during the transition. Tracking validation failures, fallback patterns, or any inconsistencies during the dual-signing phase could make a big difference in catching problems early.
The temporary reduction of the RSA ZSK size also makes sense to manage response size, but it does introduce a trade-off. It might be worth being more explicit about how that risk is being monitored during the transition period.
Overall, the phased rollout and the ability to pause or roll back if needed are strong points. Given how critical the Root KSK is, taking a cautious and observable approach is the right move.
This submission supports the transition from RSA to ECDSA for the Root KSK and agrees with the overall phased rollout approach. The feedback highlights the importance of monitoring real-world resolver behavior, improving visibility into validation issues during the transition, and clearly acknowledging temporary trade-offs such as the reduced RSA ZSK size. The proposal is solid, with suggestions focused on operational visibility and risk management.