«
»

Status Update, 2010-07-10

This is the tenth of a series of technical status updates intended to inform a technical audience on progress in signing the root zone of the DNS.

RESOURCES

Details of the project, including documentation published to date, can be found at https://www.co.tt/files/dnssecroot/.

We’d like to hear from you. If you have feedback for us, please send it to rootsign@icann.org.

KSK CEREMONY 2

The second KSK ceremony for the root zone will take place in El Segundo, CA, USA on Monday 2010-07-12. The ceremony is scheduled to begin at 1300 local time (2000 UTC) and is expected to end by 1900 local time (0200 UTC).

Video from Ceremony 2 will be recorded for audit purposes, as with Ceremony 1. Video and associated audit materials will be published before the signed root enters full production on 2010-07-15. Details will be circulated before that date.

ICANN will operate a separate camera whose video will not be retained for audit purposes, but which will instead be streamed live in order to provide remote observers an opportunity to watch the ceremony. The live stream will be provided on a best-effort basis.

The live video stream will be available at http://dns.icann.org/ksk/stream/.

FULL PRODUCTION SIGNED ROOT ZONE

The transition from Deliberately-Unvalidatable Root Zone (DURZ) to production signed root zone will take place on 2010-07-15.

Trust anchor publication, according to draft-icann-dnssec-trust-anchor-00 will take place after the maintenance window closes, once a final set of tests have been completed by ICANN and the results have been found to be positive.

FTP ACCESS TO SIGNED ZONE FILES

Following the transition on 2010-07-15 the unsigned root and ARPA zone files published at

ftp://rs.internic.net/domain/
ftp://ftp.internic.net/domain/

will be replaced by signed zone files. That is, the zone files retrieved from both FTP servers will contain DNSSEC data, and will hence faithfully represent the zones being served by root servers.

PLANNED DEPLOYMENT SCHEDULE

Already completed:

  • 2010-01-27: L starts to serve DURZ
  • 2010-02-10: A starts to serve DURZ
  • 2010-03-03: M, I start to serve DURZ
  • 2010-03-24: D, K, E start to serve DURZ
  • 2010-04-14: B, H, C, G, F start to serve DURZ
  • 2010-05-05: J start to serve DURZ
  • 2010-06-16: First Key Signing Key (KSK) Ceremony

To come:

  • 2010-07-12: Second Key Signing Key (KSK) Ceremony
  • 2010-07-15: Distribution of validatable, production, signed root zone; publication of root zone trust anchor

(Please note that this schedule is tentative and subject to change based on testing results or other unforeseen factors.)

This entry was posted on Saturday, July 10th, 2010 at 09:10 and is filed under Status. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

One Response to “Status Update, 2010-07-10”

  1. Tweets that mention Root DNSSEC » Blog Archive » Status Update, 2010-07-10 -- Topsy.com Says:
    July 11th, 2010 at 00:19

    [...] This post was mentioned on Twitter by Loren M. Lang. Loren M. Lang said: RT @chidalgo: The second KSK ceremony for the root zone will take place on Monday 2010-07-12: http://bit.ly/dxqXtp #DNSSEC #DNS [...]