[ksk-rollover] new KSK in the DNS

Kim Davies kim.davies at iana.org
Thu Feb 8 15:32:16 UTC 2024


Quoting Yasuhiro Orange Morishita / 森下泰宏 via ksk-rollover on Thursday February 08, 2024:
> 
> ICANN announced that IANA planed to start pre-publish the new KSK in
> the DNS in January 2024, but I haven't found it in the root zone yet.
> Does anyone know the current status?

The new Root Zone KSK we generated last year has effectively been
abandoned. After it was generated, we learned that the hardware security
modules we use are being discontinued by the manufacturer without a
successor. Since the keys are not exportable, it didn't make sense to
keep using it if we were going to change hardware. We undertook an
exercise to identify an alternative HSM manufacturer, and it is planned
the next Root Zone KSK will be generated on this new hardware in April.

See
https://www.iana.org/news/2023/update-on-hsms-and-rollover-plans-for-root-zone-ksk
for more information.

kim



More information about the ksk-rollover mailing list