[ksk-rollover] First Root KSK Rollover Successfully Completed

Warren Kumari warren at kumari.net
Tue Oct 16 14:54:10 UTC 2018 

I would like to publicly say that the KSK Roll went much much much better
than I was expecting / predicting, and to congratulate ICANN (and the OCTO
group in particular) for this.

W

On Mon, Oct 15, 2018 at 6:08 PM Edward Lewis <edward.lewis at icann.org> wrote:

> LOS ANGELES – 15 October 2018 – The Internet Corporation for Assigned
> Names and Numbers (ICANN) has determined that the first-ever changing of
> the cryptographic key that helps protect the Domain Name System (DNS) has
> been completed with minimal disruption of the global Internet. It was the
> first time the key has been changed since it was first put in use in 2010.
>
> After evaluation of the available data, there does not appear to be a
> significant number of Internet end-users who have been persistently and
> negatively impacted by the changing of the key.
>
> The few issues that have arisen appear to have been quickly mitigated and
> none suggested a systemic failure that would approach the threshold (as
> defined by the ICANN community) to initiate a reversal of the roll. In that
> context, it appears the rollover to the new Key Signing Key, known as KSK
> 2017, has been a success.
>
> At this point, there are no indications it is necessary to back out of the
> rollover and ICANN will now proceed to the next step in the rollover
> process: revoking the old KSK, known as KSK 2010 during the next key
> ceremony in the first quarter of 2019.
>
> "This successful exercise of the infrastructure necessary to roll the root
> zone's key has demonstrated it is possible to update the key globally,"
> said David Conrad, ICANN's Chief Technology Officer. "It also provided
> important insights that will help us with future key rolls,"
>
> The final decision to roll the root zone Key Signing Key (KSK) was made by
> ICANN President and CEO Göran Marby after reviewing the outcomes of the
> efforts of ICANN and others, particularly in the Domain Name System (DNS)
> technical community. These outcomes were the result of significant global
> outreach efforts, in consultation with the ICANN community, and after
> extensive analysis of available data.
>
> With the final approvals in place, ICANN implemented the 16 September 2018
> resolution of ICANN's Board. The resolution stated that the organization
> should proceed with its revised plans to change or "roll" the key for the
> DNS root on 11 October 2018.
>
> To learn more about the Root KSK Rollover, visit its dedicated webpage and
> primary source of information: http://www.icann.org/kskroll
>
> About ICANN
> ICANN's mission is to help ensure a stable, secure, and unified global
> Internet. To reach another person on the Internet, you need to type an
> address – a name or a number – into your computer or other device. That
> address must be unique so computers know where to find each other. ICANN
> helps coordinate and support these unique identifiers across the world.
> ICANN was formed in 1998 as a not-for-profit public-benefit corporation
> with a community of participants from all over the world.
>
> https://www.icann.org/news/announcement-2018-10-15-en
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
>
-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20181016/7d1e96f8/attachment.html>

More information about the ksk-rollover mailing list