Deploy360 22 January 2015

Watch Live Today – DNSSEC Root KSK Ceremony 20 at 12:15 PST / 20:15 UTC

By Dan YorkDirector, Internet Technology

IANA logoStreaming live today from El Segundo, CA, will be the 20th “key ceremony” related to the Key Signing Key (KSK) for the Root zone of DNSSEC.  The page containing all the relevant links is at:

The ceremony starts at 12:15pm US Pacific Standard Time (20:15 UTC) and will conclude at 5:00 pm PST (01:00+1day UTC).  If you are interested in understanding more about the security of the overall DNSSEC system, the ceremony shows the process and care taken to administer the DNSSEC keys of the root of DNS.

The key ceremonies are part of the activities performed by the Internet Corporation for Assigned Names and Numbers (ICANN) under its contract to operate the Internet Assigned Numbers Authority (IANA). As explained on the overview page:

Ceremonies are usually conducted four times a year to perform operations using the Root Key Signing Key, and involving Trusted Community Representatives. In a typical ceremony, the KSK is used to sign a set of operational ZSKs that will be used for a three month period to sign the DNS root zone. Other operations that may occur during ceremonies include installing new cryptographic officers, replacing hardware, or generating or replacing a KSK.

This ceremony today is to use the “master” root Key Signing Key (KSK) to generate a set of Zone Signing Keys (ZSKs) that will then be used until the next key ceremony.

There is a lengthy script that outlines the process that will be used today:

The process is open via the live video stream for all to see. The video recording will also be archived for later viewing.

P.S. If you want to learn more about how to get started with DNSSEC, please visit our “Start Here” page to find resources focused on your type of role or organization.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...