Deploy360 18 December 2014

ICANN Seeking Volunteers For DNSSEC Root KSK Rollover Plan Design Team

By Dan YorkDirector, Internet Technology

ICANN.jpgDo you want to help ICANN plan the best was to roll the root key used for DNSSEC?  Are you interested in being considered as a volunteer member of ICANN’s Root KSK Rollover Plan Design Team?  Recently ICANN staff sent a message to the public dnssec-coord mailing list and other various mailing lists asking for volunteers.  The “Solicitation of Statement of Internet for Membership in the Root Zone Key Signing Key Rollover Plan Design Team” (say that 10 times fast!) begins:

ICANN, as the IANA functions operator, in cooperation with Verisign as the Root Zone Maintainer and the National Telecommunications Information Administration (NTIA) as the Root Zone Administrator, together known as the Root Zone Management (RZM) partners, seek to develop a plan for rolling the root zone keysigning key (KSK). The KSK is used to sign the root zone zone-signing key (ZSK), which in turn is used to DNSSEC-sign the Internet’s root zone. The Root Zone Partners are soliciting five to seven volunteers from the community to participate in a Design Team to develop the Root Zone KSK Rollover Plan (“The Plan”). These volunteers along with the RZM partners will form the Design Team to develop The Plan.

The document goes on to list the requirements and the process.  Essentially, if you meet the requirements you need to send a message with the requested information to [email protected] by the end of the day on Friday, January 16, 2015.  The Root Zone Management partners will then choose from among the applicants to form the Design Team.

We’ve written here before about how incredibly important it is to get the Root KSK Rollover right, and so we commend ICANN for going through this process to create an appropriate Design Team.  We would encourage people with operational knowledge of DNSSEC and DNS in general to definitely read over the document and consider applying!

P.S. And if you don’t know about DNSSEC, or want more information, please visit our Start Here page to find out how to begin!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...