[ksk-rollover] ceremonies in April, and managing things less critical and the KSK.

Michael Richardson mcr+ietf at sandelman.ca
Sat Apr 4 19:54:40 UTC 2020

I was locating appropriate references for explaining Key signing ceremonies,
and noticed the report of the safe problems at:

and then the schedule at:

in which April 23 is the next date.
Will travel bans cause a problem?  I kinda hope the travel bans are enforced.

    "Introduce HSM6E"
Does this mean that a new HSM device will be added?
I see RRSIG from keyid 20326 (current root) will expire 20200422000000.
Maybe there is another RRSIG hidden away that I can't see?

I am unclear from reading things over again how the ZSK gets to the ceremony.
Is a new ZSK keypair generated during the KSK, or is it generated elsewhere
and only the public part brought?

But, I started re-reading things because I was looking for pointers to
documents *less* secure practices for CA key management.  That's poor
let me try again: Practices for lower value assets than the KSK.

Michael Richardson <mcr+IETF at sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20200404/2bc9bd03/signature.asc>

More information about the ksk-rollover mailing list