[ksk-rollover] First Root KSK Rollover Successfully Completed

Warren Kumari warren at kumari.net
Tue Oct 16 14:54:10 UTC 2018

I would like to publicly say that the KSK Roll went much much much better
than I was expecting / predicting, and to congratulate ICANN (and the OCTO
group in particular) for this.


On Mon, Oct 15, 2018 at 6:08 PM Edward Lewis <edward.lewis at icann.org> wrote:

> LOS ANGELES – 15 October 2018 – The Internet Corporation for Assigned
> Names and Numbers (ICANN) has determined that the first-ever changing of
> the cryptographic key that helps protect the Domain Name System (DNS) has
> been completed with minimal disruption of the global Internet. It was the
> first time the key has been changed since it was first put in use in 2010.
> After evaluation of the available data, there does not appear to be a
> significant number of Internet end-users who have been persistently and
> negatively impacted by the changing of the key.
> The few issues that have arisen appear to have been quickly mitigated and
> none suggested a systemic failure that would approach the threshold (as
> defined by the ICANN community) to initiate a reversal of the roll. In that
> context, it appears the rollover to the new Key Signing Key, known as KSK
> 2017, has been a success.
> At this point, there are no indications it is necessary to back out of the
> rollover and ICANN will now proceed to the next step in the rollover
> process: revoking the old KSK, known as KSK 2010 during the next key
> ceremony in the first quarter of 2019.
> "This successful exercise of the infrastructure necessary to roll the root
> zone's key has demonstrated it is possible to update the key globally,"
> said David Conrad, ICANN's Chief Technology Officer. "It also provided
> important insights that will help us with future key rolls,"
> The final decision to roll the root zone Key Signing Key (KSK) was made by
> ICANN President and CEO Göran Marby after reviewing the outcomes of the
> efforts of ICANN and others, particularly in the Domain Name System (DNS)
> technical community. These outcomes were the result of significant global
> outreach efforts, in consultation with the ICANN community, and after
> extensive analysis of available data.
> With the final approvals in place, ICANN implemented the 16 September 2018
> resolution of ICANN's Board. The resolution stated that the organization
> should proceed with its revised plans to change or "roll" the key for the
> DNS root on 11 October 2018.
> To learn more about the Root KSK Rollover, visit its dedicated webpage and
> primary source of information: http://www.icann.org/kskroll
> About ICANN
> ICANN's mission is to help ensure a stable, secure, and unified global
> Internet. To reach another person on the Internet, you need to type an
> address – a name or a number – into your computer or other device. That
> address must be unique so computers know where to find each other. ICANN
> helps coordinate and support these unique identifiers across the world.
> ICANN was formed in 1998 as a not-for-profit public-benefit corporation
> with a community of participants from all over the world.
> https://www.icann.org/news/announcement-2018-10-15-en
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20181016/7d1e96f8/attachment.html>

More information about the ksk-rollover mailing list