[ksk-rollover] 答复: First Root KSK Rollover Successfully Completed

Davey Song(宋林健) ljsong at biigroup.cn
Tue Oct 16 09:49:54 UTC 2018

I had several bounce mails today from my Gmail to IETF's mail. It's weird. 
	The response from the remote server was:
	550 5.7.1 mail w9G8HQ5a028992 from 2607:f8b0:4864:20::72a rejected by DCC

The bounce may irrelevant with KSK. But an question came up to my mind that how can a user identify a failure caused by KSK rollover?


> -----邮件原件-----
> 发件人: ksk-rollover [mailto:ksk-rollover-bounces at icann.org] 代表 Edward
> Lewis
> 发送时间: 2018年10月16日 0:08
> 收件人: ksk-rollover at icann.org
> 主题: [ksk-rollover] First Root KSK Rollover Successfully Completed
> LOS ANGELES – 15 October 2018 – The Internet Corporation for Assigned
> Names and Numbers (ICANN) has determined that the first-ever changing of
> the cryptographic key that helps protect the Domain Name System (DNS) has
> been completed with minimal disruption of the global Internet. It was the first
> time the key has been changed since it was first put in use in 2010.
> After evaluation of the available data, there does not appear to be a significant
> number of Internet end-users who have been persistently and negatively
> impacted by the changing of the key.
> The few issues that have arisen appear to have been quickly mitigated and
> none suggested a systemic failure that would approach the threshold (as
> defined by the ICANN community) to initiate a reversal of the roll. In that
> context, it appears the rollover to the new Key Signing Key, known as KSK 2017,
> has been a success.
> At this point, there are no indications it is necessary to back out of the rollover
> and ICANN will now proceed to the next step in the rollover process: revoking
> the old KSK, known as KSK 2010 during the next key ceremony in the first
> quarter of 2019.
> "This successful exercise of the infrastructure necessary to roll the root zone's
> key has demonstrated it is possible to update the key globally," said David
> Conrad, ICANN's Chief Technology Officer. "It also provided important insights
> that will help us with future key rolls,"
> The final decision to roll the root zone Key Signing Key (KSK) was made by
> ICANN President and CEO Göran Marby after reviewing the outcomes of the
> efforts of ICANN and others, particularly in the Domain Name System (DNS)
> technical community. These outcomes were the result of significant global
> outreach efforts, in consultation with the ICANN community, and after
> extensive analysis of available data.
> With the final approvals in place, ICANN implemented the 16 September 2018
> resolution of ICANN's Board. The resolution stated that the organization should
> proceed with its revised plans to change or "roll" the key for the DNS root on 11
> October 2018.
> To learn more about the Root KSK Rollover, visit its dedicated webpage and
> primary source of information: http://www.icann.org/kskroll
> About ICANN
> ICANN's mission is to help ensure a stable, secure, and unified global Internet.
> To reach another person on the Internet, you need to type an address – a name
> or a number – into your computer or other device. That address must be
> unique so computers know where to find each other. ICANN helps coordinate
> and support these unique identifiers across the world. ICANN was formed in
> 1998 as a not-for-profit public-benefit corporation with a community of
> participants from all over the world.
> https://www.icann.org/news/announcement-2018-10-15-en
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover

More information about the ksk-rollover mailing list