[AfrICANN-discuss] ICANN's First DNSSEC Key Ceremony for the Root
annerachel at gmail.com
Wed Jun 9 01:24:39 SAST 2010
ICANN's First DNSSEC Key Ceremony for the Root Zone
7 June 2010
The global deployment of Domain Name System Security Extensions (DNSSEC)
will achieve an important milestone on June 16, 2010 as ICANN hosts the
first production DNSSEC key ceremony in a high security data centre in
Culpeper, VA, outside of Washington, DC.
[image: Secure data center in Culpeppper, VA - location of first DNSSEC key
*Secure data center in Culpeper, VA - location of first DNSSEC key signing
During the key ceremony the first cryptographic digital key used to secure
the Internet root zone will be generated and securely stored.
Each key ceremony consists of a series of detailed procedures designed to
allow the private key material for the root zone to be managed in a
transparent yet secure manner. The goal is for the whole Internet community
to be able to trust that the procedures involved were executed correctly,
and that the private key materials are stored securely.
Security of the private key is important because it ensures that any
signature made by that key is known to originate from a legitimate key
ceremony, and not by an untrusted third party.
Each key ceremony will involve ICANN staff together with 14 volunteers known
as Trusted Community Representatives (TCRs). Each TCR is a respected member
of the technical Domain Name System (DNS) community in their home country.
They are also unaffiliated to ICANN, VeriSign or the US Department of
Commerce, and have been assigned a separate key management role within the
ceremony. The involvement of these independent participants provides
transparency of process -- a successful key ceremony is only possible if the
TCRs involved are satisfied that all steps were executed accurately and
correctly. The ceremony and its associated systems and processes will also
be subject to a SysTrust audit.
The deployment of DNSSEC in the root zone of the DNS provides benefits for
those who publish information in the DNS, and for those who retrieve it.
Top-Level Domain (TLD) managers and end-users alike will benefit from being
able to publish and locate cryptographic key material ("trust anchors") in
the root zone. The root zone provides a consistent and convenient entry
point to the security of the whole system.
A second key ceremony will take place in a second secure facility in Los
Angeles in early July. By having two complete and independent facilities
available, ICANN is able to ensure that key ceremonies can continue to occur
in the event of an unexpected disaster in one location. Scheduled key
ceremonies will take place four times annually, with two occurring in each
location. Full deployment of DNSSEC in the root zone, using the key first
generated in Culpeper, is scheduled to take place on July 15, 2010.
Extensive documentation and related information about the project can be
found at http://www.root-dnssec.org/.
*Sign up for ICANN's Monthly Magazine <http://www.icann.org/en/magazine/>*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the AfrICANN