<div dir="auto">Hi Guys,<div dir="auto"><br></div><div dir="auto">Following the successful KSK rollover, I wrote a short piece on </div><div dir="auto">it:</div><div dir="auto"><br></div><div dir="auto"> <a href="http://www.circleid.com/posts/20181013_ksk_rollover_elliptical_curve_vulnerabilities_surveillance/">http://www.circleid.com/posts/20181013_ksk_rollover_elliptical_curve_vulnerabilities_surveillance/</a></div><div dir="auto"><br></div><div dir="auto">Sala</div></div><br><div class="gmail_quote"><div dir="ltr">On Sun, 14 Oct 2018, 7:58 am Alan Greenberg, <<a href="mailto:alan.greenberg@mcgill.ca">alan.greenberg@mcgill.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
Although there may be some similarities (certainly in the end-result),
the reason is very different.<br><br>
In the the case of the KSK Rollover, we had several unknowns. We had no
idea how many servers did not have DNSSEC enabled (which meant they would
not be affected) nor how many had it enabled and had the new key. Nor did
we know how fast service would react if there was a problem. The last
estimates were that a VERY tiny fraction of users would be affected, and
that proved to be true.<br><br>
With Y2K, there was abundant evidence that in the absence of an intense
work effort, there WOULD be problems - it was easy to see that a system
that only stored two digits for the year would sort them out of order
when once there was a "00". And a system that subtracted 1900
from the full year would suddenly have a 3-digit result. And there was
plenty of code that did not recognize properly that 2000 was a leap year
(so Feb 29, 2000 was another hurdle when some of us held their breath).
Even many systems built in the mid-1990s were going to fail.<br><br>
Issues were not just software (where in many cases, the source code no
longer existed) but hardware clocks which did not expect the change. It
was estimated that for network equipment (primarily voice I think) only
50% produced prior to 1996 would function properly. And where the
hardware would work, the billing might not.<br><br>
And unlike with DNSSEC (where you could opt out consciously or
unconsciously be not using DNSSEC), you could not opt out of the year
changing on Dec 31.<br><br>
In the end, there were relatively few problems, but that was because of
an unbelievably intense effort that went into fixing potential problems
or replacing or decommissioning systems.<br><br>
Alan<br><br>
At 13/10/2018 12:45 AM, Kan Kaili wrote:<br>
<blockquote type="cite" class="m_-5324981414780361436cite"> <br>
<font size="2">Sounds like the terror story happened just before the year
2000 ... :)</font></blockquote></div>
_______________________________________________<br>
ALAC mailing list<br>
<a href="mailto:ALAC@atlarge-lists.icann.org" target="_blank" rel="noreferrer">ALAC@atlarge-lists.icann.org</a><br>
<a href="https://atlarge-lists.icann.org/mailman/listinfo/alac" rel="noreferrer noreferrer" target="_blank">https://atlarge-lists.icann.org/mailman/listinfo/alac</a><br>
<br>
At-Large Online: <a href="http://www.atlarge.icann.org" rel="noreferrer noreferrer" target="_blank">http://www.atlarge.icann.org</a><br>
ALAC Working Wiki: <a href="https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)" rel="noreferrer noreferrer" target="_blank">https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)</a></blockquote></div>