ICANN Publishes Plans for Upcoming Key Signing Key Rollover


ICANN Publishes Plans for Upcoming Key Signing Key Rollover

ICANN today published plans outlining the operational processes required to change or “roll” the Root Zone Key Signing Key (KSK). The plans can be found here.

The KSK is a cryptographic public-private key pair, the public portion of which serves as the trusted starting point for Domain Name System Security Extensions (DNSSEC) validation. ICANN, in its role as the IANA Functions Operator, will change the current KSK which was originally created via processes defined in cooperation with the other Root Zone Management Partners: Verisign, who acted as the Root Zone Maintainer, and the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA), as the Root Zone Administrator.

The rollover plans detail implementation, monitoring, testing, and contingency processes designed to maintain operational stability and minimize end-user impact of the KSK rollover. The Root Zone Management Partners developed the plans that incorporate the Root Zone KSK Rollover Design Team recommendations [PDF, 1.01 MB].

For more information about the plans and operational processes involved in the KSK rollover, read this blog from ICANN’s Chief Technology Officer or access the Root Zone KSK Rollover page.

Notify of

Inline Feedbacks
View all comments