Root Zone DNSSEC Deployment Technical Status Update 2010-06-18
This is the ninth of a series of technical status updates intended to inform a technical audience on progress in signing the root zone of the DNS.
RESOURCES
Details of the project, including documentation published to date, can be found at http://www.root-dnssec.org/.
We'd like to hear from you. If you have feedback for us, please send it to rootsign@icann.org.
KSK CEREMONY 1 COMPLETE
The first KSK ceremony for the root zone was completed this week in Culpeper, VA, USA. The Ceremony Administrator was Mehmet Akcin.
The first production KSK has now been generated. This is the key that is scheduled to be put into service on 2010-07-15.
The first production Key Signing Request (KSR) generated by VeriSign has now been processed by ICANN using the root zone KSK, and the resulting Signed Key Response (KSR) has been accepted by VeriSign. This SKR contains signatures for Q3 2010, for use between 2010-07-01 and 2010-09-30.
Audit materials relating to the first ceremony will be published as soon as is practical, and in particular before 2010-07-15.
The KSK and SKR generated during this ceremony will not be approved for production until the KSK key pair has been successfully transported to ICANN's west-coast ceremony facility in El Segundo, CA, USA, and placed in secure storage.
KSK CEREMONY 2 SCHEDULED
The second KSK ceremony for the root zone is scheduled to take place in El Segundo, CA, USA on 2010-07-12. Replication of key materials onto west-coast HSMs, enrolment of west-coast crypto officers and processing of the Q4 2010 KSR (for production use between 2010-10-01 and 2010-12-31) will take place during this ceremony.
PLANNED DEPLOYMENT SCHEDULE
Already completed:
2010-01-27: L starts to serve DURZ
2010-02-10: A starts to serve DURZ
2010-03-03: M, I start to serve DURZ
2010-03-24: D, K, E start to serve DURZ
2010-04-14: B, H, C, G, F start to serve DURZ
2010-05-05: J starts to serve DURZ
2010-06-16: First Key Signing Key (KSK) Ceremony
To come:
2010-07-12: Second Key Signing Key (KSK) Ceremony
2010-07-15: Distribution of validatable, production, signed root zone; publication of root zone trust anchor
(Please note that this schedule is tentative and subject to change based on testing results or other unforeseen factors.)