[ksk-rollover] new KSK in the DNS

Michael StJohns msj at nthpermutation.com
Thu Feb 8 22:43:54 UTC 2024

Just for curiosity, what's the new HSM platform?

Thanks - Mike

On 2/8/2024 10:32 AM, Kim Davies via ksk-rollover wrote:
> Quoting Yasuhiro Orange Morishita / 森下泰宏 via ksk-rollover on Thursday February 08, 2024:
>> ICANN announced that IANA planed to start pre-publish the new KSK in
>> the DNS in January 2024, but I haven't found it in the root zone yet.
>> Does anyone know the current status?
> The new Root Zone KSK we generated last year has effectively been
> abandoned. After it was generated, we learned that the hardware security
> modules we use are being discontinued by the manufacturer without a
> successor. Since the keys are not exportable, it didn't make sense to
> keep using it if we were going to change hardware. We undertook an
> exercise to identify an alternative HSM manufacturer, and it is planned
> the next Root Zone KSK will be generated on this new hardware in April.
> See
> https://www.iana.org/news/2023/update-on-hsms-and-rollover-plans-for-root-zone-ksk
> for more information.
> kim
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

More information about the ksk-rollover mailing list