<div dir="ltr"><div>Fyi, a blog by Edward Lewis on the KSK</div><div><br></div><div>Pierre</div><header class="gmail-j-content-header" style="margin:0px;padding:58px 50px 0px;border:0px;font-size:14px;font-family:'lucida grande','lucida sans unicode','lucida sans','dejavu sans','bitstream vera sans','liberation sans','helvetica neue',helvetica,arial,verdana,sans-serif;vertical-align:baseline;text-align:center;line-height:normal;color:rgb(83,86,90);font-variant-ligatures:normal"><h1 style="margin:0px;padding:0px;border:0px;font-weight:200;font-style:inherit;font-size:2rem;font-family:inherit;vertical-align:baseline;color:rgb(33,123,192);word-wrap:break-word">Step 2 - Done</h1><div class="gmail-j-content-header-author gmail-font-color-meta" style="margin:8px 0px 0px;padding:0px;border:0px;font-style:inherit;font-size:0.8571rem;font-family:inherit;vertical-align:baseline;color:rgb(139,139,139);line-height:1.286rem"><span title="Post" class="gmail-jive-icon-glyph gmail-icon-j-blogpost" style="margin:0px 5px 0px 0px;padding:0px;border:0px;font-size:1.143rem;font-family:jiveglyphs;vertical-align:baseline;speak:none;font-variant-ligatures:normal;line-height:1;color:rgb(49,184,134)"></span>Blog Post created by <a href="https://wecann.icann.org/people/edward.lewis%40icann.org" class="gmail-jive-username-link gmail-jiveTT-hover-user" style="margin:0px;padding:0px;border:0px;font-weight:600;font-style:inherit;font-size:11.9994px;font-family:inherit;vertical-align:baseline;color:rgb(140,169,205);text-decoration:none">Edward Lewis</a> on Oct 28, 2016</div></header><section class="gmail-j-content-body" style="margin:0px;padding:0px;border:0px;font-size:14px;font-family:'lucida grande','lucida sans unicode','lucida sans','dejavu sans','bitstream vera sans','liberation sans','helvetica neue',helvetica,arial,verdana,sans-serif;vertical-align:baseline;color:rgb(83,86,90);font-variant-ligatures:normal"><div class="gmail-jive-rendered-content" style="margin:0px;padding:30px 50px;border:0px;font-style:inherit;font-size:15px;font-family:inherit;vertical-align:baseline;overflow:visible;word-wrap:break-word;min-height:0px;line-height:1.73"><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word">October 27, 2016, around 2:50pm local time in Culpeper, Virginia, Alain Aina pressed two keyboard keys on a laptop and the new root zone DNSSEC Key Signing Key (aka "root KSK") was created. The first noticeable event of the KSK rollover has happened.</p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word;min-height:8pt"> </p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word">Step 2 is done.</p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word;min-height:8pt"> </p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word">Alain Aina is a Trusted Community Representative, one of the non-ICANN staff members who are called in to witness operations involving the root KSK. He was invited, as one of the TCRs in attendance, by the Ceremony Administrator, Kim Davies, to press the keys.</p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word;min-height:8pt"> </p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word">So. the new KSK exists. Although the public KSK is no secret, we are not publicizing it yet. That will wait until the new KSK makes its way into the appropriate devices in El Segundo. Today, October 28th, the new KSK will arrive but remain bagged in a safe until the next gathering of TCR in a few months. Until that gathering, because something might go wrong still (operators are very paranoid folks), we aren't publicizing the new KSK just yet.</p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word;min-height:8pt"> </p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word">Oh, what was step 1?</p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word;min-height:8pt"> </p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word">Step 1 was the behind-the-scenes, non-glitzy upgrade of the software needed to create the new KSK. In recent months, without fanfare, code was updated, checked, tested, audited by Punky Duero, Andres Pavez, Rick Lamb and maybe others I'm leaving out from ICANN staff. Within the project, this is a very essential step but draws little attention because there's no immediate result. No one tweets "the code passed QA!"</p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word;min-height:8pt"> </p><p style="margin:0px;padding:0px;border:0px;font-style:inherit;font-family:inherit;vertical-align:baseline;word-wrap:break-word">With step 2, we walked away with a shiny new KSK.</p></div></section><div><br></div>-- <br><div class="gmail_signature"><div>Pierre Dandjinou<br>Cotonou - 229 90 087784 / 66566610</div>
<div>Dakar 221 77 639 30 41</div>
<div><a href="http://www.scg.bj/" target="_blank">www.scg.bj</a></div>
<div>skype : sagbo1953</div>
<div><br> </div></div>
</div>