[AfrICANN-discuss] A blog on the Key Signing Key Rollover (KSK)

[Dandjinou Pierre]

Fyi, a blog by Edward Lewis on the KSK

Pierre
Step 2 - Done
Blog Post created by Edward Lewis
<https://wecann.icann.org/people/edward.lewis%40icann.org> on Oct 28, 2016

October 27, 2016, around 2:50pm local time in Culpeper, Virginia, Alain
Aina pressed two keyboard keys on a laptop and the new root zone DNSSEC Key
Signing Key (aka "root KSK") was created.  The first noticeable event of
the KSK rollover has happened.



Step 2 is done.



Alain Aina is a Trusted Community Representative, one of the non-ICANN
staff members who are called in to witness operations involving the root
KSK.  He was invited, as one of the TCRs in attendance, by the Ceremony
Administrator, Kim Davies, to press the keys.



So. the new KSK exists. Although the public KSK is no secret, we are not
publicizing it yet.  That will wait until the new KSK makes its way into
the appropriate devices in El Segundo.  Today, October 28th, the new KSK
will arrive but remain bagged in a safe until the next gathering of TCR in
a few months.  Until that gathering, because something might go wrong still
(operators are very paranoid folks), we aren't publicizing the new KSK just
yet.



Oh, what was step 1?



Step 1 was the behind-the-scenes, non-glitzy upgrade of the software needed
to create the new KSK.  In recent months, without fanfare, code was
updated, checked, tested, audited by Punky Duero, Andres Pavez, Rick Lamb
and maybe others I'm leaving out from ICANN staff.  Within the project,
this is a very essential step but draws little attention because there's no
immediate result.  No one tweets "the code passed QA!"



With step 2, we walked away with a shiny new KSK.

-- 
Pierre Dandjinou
Cotonou - 229 90 087784 / 66566610
Dakar 221 77 639 30 41
www.scg.bj
skype : sagbo1953
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/africann/attachments/20161109/b5f925d3/attachment.html>