ICANN Publishes Plans for Upcoming Key Signing Key Rollover
ICANN today published plans outlining the operational processes required to change or “roll” the Root Zone Key Signing Key (KSK). The plans can be found here.
The KSK is a cryptographic public-private key pair, the public portion of which serves as the trusted starting point for Domain Name System Security Extensions (DNSSEC) validation. ICANN, in its role as the IANA Functions Operator, will change the current KSK which was originally created via processes defined in cooperation with the other Root Zone Management Partners: Verisign, who acted as the Root Zone Maintainer, and the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA), as the Root Zone Administrator.
The rollover plans detail implementation, monitoring, testing, and contingency processes designed to maintain operational stability and minimize end-user impact of the KSK rollover. The Root Zone Management Partners developed the plans that incorporate the Root Zone KSK Rollover Design Team recommendations [PDF, 1.01 MB].