[ksk-rollover] ceremonies in April, and managing things less critical and the KSK.

Michael Richardson mcr+ietf at sandelman.ca
Sat Apr 4 19:54:40 UTC 2020


I was locating appropriate references for explaining Key signing ceremonies,
and noticed the report of the safe problems at:
    https://www.theregister.co.uk/2020/02/13/iana_dnssec_ksk_delay/
    https://www.icann.org/news/blog/root-key-signing-key-ceremony-postponed

and then the schedule at:
    https://www.iana.org/dnssec/ceremonies

in which April 23 is the next date.
Will travel bans cause a problem?  I kinda hope the travel bans are enforced.

    "Introduce HSM6E"
Does this mean that a new HSM device will be added?
I see RRSIG from keyid 20326 (current root) will expire 20200422000000.
Maybe there is another RRSIG hidden away that I can't see?

https://www.iana.org/dnssec/icann-dps.txt
I am unclear from reading things over again how the ZSK gets to the ceremony.
Is a new ZSK keypair generated during the KSK, or is it generated elsewhere
and only the public part brought?

But, I started re-reading things because I was looking for pointers to
documents *less* secure practices for CA key management.  That's poor
wording.
Let me try again: Practices for lower value assets than the KSK.

--
Michael Richardson <mcr+IETF at sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-


