Streaming live today from El Segundo, CA, will be the 20th “key ceremony” related to the Key Signing Key (KSK) for the Root zone of DNSSEC. The page containing all the relevant links is at:
https://www.iana.org/dnssec/ceremonies/20
The ceremony starts at 12:15pm US Pacific Standard Time (20:15 UTC) and will conclude at 5:00 pm PST (01:00+1day UTC). If you are interested in understanding more about the security of the overall DNSSEC system, the ceremony shows the process and care taken to administer the DNSSEC keys of the root of DNS.
The key ceremonies are part of the activities performed by the Internet Corporation for Assigned Names and Numbers (ICANN) under its contract to operate the Internet Assigned Numbers Authority (IANA). As explained on the overview page:
Ceremonies are usually conducted four times a year to perform operations using the Root Key Signing Key, and involving Trusted Community Representatives. In a typical ceremony, the KSK is used to sign a set of operational ZSKs that will be used for a three month period to sign the DNS root zone. Other operations that may occur during ceremonies include installing new cryptographic officers, replacing hardware, or generating or replacing a KSK.
This ceremony today is to use the “master” root Key Signing Key (KSK) to generate a set of Zone Signing Keys (ZSKs) that will then be used until the next key ceremony.
There is a lengthy script that outlines the process that will be used today:
http://data.iana.org/ksk-ceremony/20/KC20_Scripts.pdf
The process is open via the live video stream for all to see. The video recording will also be archived for later viewing.
P.S. If you want to learn more about how to get started with DNSSEC, please visit our “Start Here” page to find resources focused on your type of role or organization.