Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
DNS Root Zone KSK Rollover Planning
1. Root Zone KSK: After 5 years
Elise Gerich | APNIC 40 | September 2015
2. | 2
Where are we today
Roll (change) the Root Key Signing Key (KSK)
Getting to a plan
Agenda
3. | 3
Root Zone KSK (Key Signing Key)
The trust anchor in the DNSSEC hierarchy
Has been in operation since June 2010
Root Zone Partners
ICANN
Verisign
USG Dept of Commerce NTIA
"After 5 years of operation"
Created Design Team to propose plan for
rollover of root KSK
Target for delivery of plan in fall of 2015
Where are we today
4. | 4
Design Team Members
Volunteer Team Members
Joe Abley
John Dickinson
Ondrej Sury
Yoshiro Yoneya
Jaap Akkerhuis
Geoff Huston
Paul Wouters
Root Zone Partners
5. | 5
What is …
KSK
Key-Signing Key signs DNSKEY RR set
Root Zone KSK
Public key in DNS Validator Trust Anchor
sets
Copied everywhere - "configuration
data"
Private key used only inside Hardware
Security Module (HSM)
Impact of root KSK rollover
Large impact on those validating
A new root KSK has to be updated
everywhere
Other KSK rolls inform the parent (or DLV)
6. | 6
Planning Approach
Current Volunteer Design Team
Study, discussion through July
Present draft report for ICANN Public
Comment
https://www.icann.org/public-comments/root-
ksk-2015-08-06-en
Present final report ~ one month after Public
Comment Period closes
7. | 7
Feedback Welcome
Input to the Public Comment
https://www.icann.org/public-comments/root-
ksk-2015-08-06-en
Input to Design Team Members
Input during Q&A after Geoff’s presentation