ICANN: Review of Trusted Community Representation in Root Zone DNSSEC Key Signing Ceremonies
Purpose (Brief): Based on feedback from the current TCRs and our experience from the first 14 ceremonies, we are reviewing what changes, if any, should be made to the current model of Trusted Community Representative participation. Based on feedback from the current TCRs and our experience from the first 14 ceremonies, we are reviewing [PDF, 321 KB] what changes, if any, should be made to the current model of Trusted Community Representative participation.
Since July 2010, the DNS Root Zone has been secured using DNSSEC . The model of using DNSSEC in the DNS Root Zone revolves around a “key signing key” (KSK) that is managed by ICANN in two secure facilities. Four times a year, a ceremony is conducted at these facilities to perform operations involving the KSK. As a key part of this process, a minimum of three from a pool of 21 trusted community representatives (TCRs) attend each ceremony to enable access to the secure materials, to witness the procedure, and to attest that the ceremony was conducted properly.
- Consultation document [PDF, 321 KB]
- Information about DNSSEC for the Root Zone
- DNSSEC Practice Statement for the Root Zone KSK Operator
- Archive of ceremony audit bundles
- TCR Selection 2010
- Trusted Community Representatives – Proposed Approach to Root Key Management [PDF, 102 KB]
Comment / Reply Periods
- Comment Open Date: 21 January 2014
- Comment Close Date: 11 February 2014 – 23:59 UTC
- Reply Open Date: 12 February 2014
- Reply Close Date: 4 March 2014 – 23:59 UTC
Important Information Links
- Public Comment Announcement
- This email address is being protected from spambots. You need JavaScript enabled to view it.
- View Comments Submitted
www.icann.org/en/news/public-comment/tcr-dnssec-key-signing-21jan14-en.htm
