[AfrICANN-discuss] A blog on the Key Signing Key Rollover (KSK)

Janvier NGNOULAYE jnoulaye at gmail.com
Wed Nov 9 10:00:57 UTC 2016 

Hi Pierre,
Thanks for the update,
That's great with Alain Aina part of this KSK operations.
He will share this best practice with us during one of our upcoming
community meeting.

Regards,
Janvier Ngnoulaye
Afrinic Community Member


2016-11-09 7:15 GMT+01:00 Dandjinou Pierre <pdandjinou at gmail.com>:

> Fyi, a blog by Edward Lewis on the KSK
>
> Pierre
> Step 2 - Done
> Blog Post created by Edward Lewis
> <https://wecann.icann.org/people/edward.lewis%40icann.org> on Oct 28, 2016
>
> October 27, 2016, around 2:50pm local time in Culpeper, Virginia, Alain
> Aina pressed two keyboard keys on a laptop and the new root zone DNSSEC Key
> Signing Key (aka "root KSK") was created.  The first noticeable event of
> the KSK rollover has happened.
>
>
>
> Step 2 is done.
>
>
>
> Alain Aina is a Trusted Community Representative, one of the non-ICANN
> staff members who are called in to witness operations involving the root
> KSK.  He was invited, as one of the TCRs in attendance, by the Ceremony
> Administrator, Kim Davies, to press the keys.
>
>
>
> So. the new KSK exists. Although the public KSK is no secret, we are not
> publicizing it yet.  That will wait until the new KSK makes its way into
> the appropriate devices in El Segundo.  Today, October 28th, the new KSK
> will arrive but remain bagged in a safe until the next gathering of TCR in
> a few months.  Until that gathering, because something might go wrong still
> (operators are very paranoid folks), we aren't publicizing the new KSK just
> yet.
>
>
>
> Oh, what was step 1?
>
>
>
> Step 1 was the behind-the-scenes, non-glitzy upgrade of the software
> needed to create the new KSK.  In recent months, without fanfare, code was
> updated, checked, tested, audited by Punky Duero, Andres Pavez, Rick Lamb
> and maybe others I'm leaving out from ICANN staff.  Within the project,
> this is a very essential step but draws little attention because there's no
> immediate result.  No one tweets "the code passed QA!"
>
>
>
> With step 2, we walked away with a shiny new KSK.
>
> --
> Pierre Dandjinou
> Cotonou - 229 90 087784 / 66566610
> Dakar 221 77 639 30 41
> www.scg.bj
> skype : sagbo1953
>
>
>
> _______________________________________________
> AfrICANN mailing list
> AfrICANN at afrinic.net
> https://lists.afrinic.net/mailman/listinfo/africann
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/africann/attachments/20161109/384584d7/attachment.html>

More information about the AfrICANN mailing list