«
»

Status Update, 2010-06-18

This is the ninth of a series of technical status updates intended
to inform a technical audience on progress in signing the root zone
of the DNS.

RESOURCES

Details of the project, including documentation published to date,
can be found at https://www.co.tt/files/dnssecroot/.

We’d like to hear from you. If you have feedback for us, please
send it to rootsign@icann.org.

KSK CEREMONY 1 COMPLETE

The first KSK ceremony for the root zone was completed this week
in Culpeper, VA, USA. The Ceremony Administrator was Mehmet Akcin.

The first production KSK has now been generated. This is the key
that is scheduled to be put into service on 2010-07-15.

The first production Key Signing Request (KSR) generated by VeriSign
has now been processed by ICANN using the root zone KSK, and the
resulting Signed Key Response (KSR) has been accepted by VeriSign.
This SKR contains signatures for Q3 2010, for use between 2010-07-01
and 2010-09-30.

Audit materials relating to the first ceremony will be published
as soon as is practical, and in particular before 2010-07-15.

The KSK and SKR generated during this ceremony will not be approved
for production until the KSK key pair has been successfully transported
to ICANN’s west-coast ceremony facility in El Segundo, CA, USA, and
placed in secure storage.

KSK CEREMONY 2 SCHEDULED

The second KSK ceremony for the root zone is scheduled to take place
in El Segundo, CA, USA on 2010-07-12. Replication of key materials
onto west-coast HSMs, enrolment of west-coast crypto officers and
processing of the Q4 2010 KSR (for production use between 2010-10-01
and 2010-12-31) will take place during this ceremony.

PLANNED DEPLOYMENT SCHEDULE

Already completed:

  • 2010-01-27: L starts to serve DURZ
  • 2010-02-10: A starts to serve DURZ
  • 2010-03-03: M, I start to serve DURZ
  • 2010-03-24: D, K, E start to serve DURZ
  • 2010-04-14: B, H, C, G, F start to serve DURZ
  • 2010-05-05: J start to serve DURZ
  • 2010-06-16: First Key Signing Key (KSK) Ceremony

To come:

  • 2010-07-12: Second Key Signing Key (KSK) Ceremony
  • 2010-07-15: Distribution of validatable, production, signed root zone; publication of root zone trust anchor

(Please note that this schedule is tentative and subject to change based on testing results or other unforeseen factors.)

This entry was posted on Friday, June 18th, 2010 at 12:13 and is filed under Status. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.