[ksk-rollover] [Ext] Re: ICANN to generate new KSK

Andres Pavez andres.pavez at iana.org
Mon Mar 4 15:16:32 UTC 2024


Hi Mike,
Please see my comments inline below.

On Fri, Mar 01, 2024 at 03:34:28PM -0500, Michael StJohns wrote:

> Hi - comments inline
> 
> 
> On 2/29/2024 2:50 PM, Andres Pavez wrote:
> > 
> > Hi Mike,
> > 
> > Thales Luna USB G7 HSM is a standalone hardware cryptographic module.
> > The cryptographic module is contained in its own enclosure that provides
> > physical resistance and tamper-evidence. Any tampering that might
> > compromise a module's security is detectable by visual inspection of the
> > physical integrity of a module.
> > 
> > Within the plastic enclosure, a hard opaque epoxy covers the circuitry
> > of the cryptographic module. Attempts to remove this epoxy will cause
> > sufficient damage to the cryptographic module so that it is rendered
> > inoperable.
> > 
> My ideal is that damage to the cryptographic module renders the key material
> unrecoverable and it's unclear that 'inoperable module' ~= 'unrecoverable
> key material'. From the description of the module, I would assume that the
> key material is stored in persistent flash or similar storage. It appears
> from the HSM description that an unpowered unit has no means to wipe its
> persistent storage.
> 

That is correct. 
We have established that each HSM will have only one key, and the lifecycle of the HSM will be aligned with the key lifecycle.
At the end of the key lifecycle, the key will be deleted, and each HSM will be tampered, and dismantled during a ceremony to be subsequently shredded.

BTW, a backup HSM will have a slightly different lifecycle, since we are planning to stagger it, but will follow the same termination procedure.

> Most similar systems (e.g. smart cards) do something like encrypting the
> keys under a PUF or a per device generated global key, but it's possible
> that, with enough dollars, an attacker could either cause the device to emit
> the key, or make the key usable in some fashion.
> 
> Other HSMs in the same field (e.g. the Luna K7) support the erasure of this
> key encryption key on tamper. I'm kind of curious why you settled on this
> model rather than something with a bit more active protection. Here's the
> public policy document related to the L3 certification.
> https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4090.pdf
> Note that both the USB version above and this K7 talk
> about L3 + EFP. Interestingly, EFP means different things to different
> modules.
> 
> I did see the offhand comment about batteries being a single point of
> failure in the document you pointed to below... that was the single comment
> about active tamper. I hope the actual decision document spent more time on
> tamper than this.
> 
> > The module is designed to sense and respond to out-of-range temperature
> > conditions as well as out-of-range voltage conditions. The temperature
> > and voltage conditions are monitored in the power-on state. If the
> > module senses an out-of-range temperature or over voltage, the module
> > will reset itself, clear all working memory and log the event.
> > 
> This is generic fuzzing protection. It's good, sort of mandatory to be
> taken seriously, but not unique. Credit cards have this. Unclear from the Luna
> HSM website if the module will zeroize itself under certain conditions.
> 
> > The module is accessed directly (i.e., electrically) over the USB
> > interface. It also has an LCD touchscreen for displaying system status.
> > 
> > It has a small internal backup battery (3.6V) that is only used to power
> > the module's real-time clock.
> > 
> Let's say the battery gives out in 5 years. Does this have any effect on
> the signing process? Does the RTC of the HSM module feed into the
> signature process? What functionality of the HSM, if any, is affected by the
> presence or failure of the RTC?
> 

No, the signer software doesn’t use the time on the HSM. 
The audit log uses the time on the HSM. We have established the log rotation with the minimum values possible, that is, hourly, or after 4096k.
Part of the ceremony script is to synchronize the HSM clock with the ceremony laptop every time an HSM is activated.

> > The HSM will be stored in a Secure Transport Mode (STM). A random string
> > and a fingerprint of the internal state of the module is output from the
> > module. The fingerprint is a SHA2-256 digest of the random string,
> > module CSPs, firmware, module configuration information, and
> > non-volatile memory. Only the HSM Security Officer (SO) credential can
> > put the module into STM and take it out of STM.
> > 
> When in SecureTransportMode - are any of the keys super-encrypted? E.g. if
> it's stored in STM, is the key internally in a form that does not require
> decryption by the CO credentials? In other words, is this a policy wrapper
> to the key material or a cryptographic wrapper?
> 

When the HSM is in STM, only the SO can remove it from STM. The CO credential doesn’t have access when the HSM is in STM. 
Failure to use the correct SO credential or if the STM verification process fails triggers a tamper and the information is wiped. At that point, the only option is to factory reset the HSM to restore it to a factory state.

> What happens if the CO credentials are lost or stolen? Are they kept with
> or near the HSM?

No, all Crypto Officer credentials are stored in plastic cases within TEBs, stored in separate safe deposit boxes in a safe solely dedicated to storing credentials. The HSMs are stored in a different adjacent safe.

> 
> > Additionally, the HSM will be stored in a Tamper-Evident Bag (TEB)
> > inside of the safe.
> > 
> That's useful. Are the TEBs serialized? How and where are the serials
> recorded and is that record immutable? What is the process for verifying
> the non-tamper status of the bag?
> 

Yes, all TEBs are serialized, all TEBs are checked for tampering, and we maintain complete chain of custody.
I estimate that we spend around 80% of the ceremony thoroughly demonstrating chain of custody.

> Thanks for the previous answers - unfortunately they prompted the above
> questions.
> 

No problem, we are happy to answer any questions. Keeping the operation secure, open, and transparent is a priority for us.

> I have read the document whose link you provided below...
> 
> Later, Mike
> 
> 
> > More information about the analysis of the HSM selection can be found
> > here https://www.icann.org/en/system/files/files/hardware-security-module-replacement-2024-28feb24-en.pdf
> > 
> > 
> > This goes into detail outlining the differences between the FIPS
> > security levels, tamper monitoring levels, etc.
> > 
> > Responding to your specific questions:
> > 
> > Is there an internal battery?
> > 
> > * Only the small internal backup battery (3.6V) is used to power the
> > module's real-time clock.
> > 
> > Is it replaceable?
> > 
> > * No
> > 
> > How often does this USB HSM need to be plugged into power to maintain
> > the internal battery?
> > 
> > * Doesn't have an internal battery to power the cryptographic module.
> > 
> > What happens if you leave it in a safe for a year - or alternately, how
> > long can the unit remain unplugged before it wipes its keys?
> > 
> > * The keys will remain in the HSM as long as the HSM is not tampered.
> > 
> > What's the lifetime of the battery before replacement?
> > 
> > * There is no battery to power the cryptographic module that needs
> > replacement.
> > 
> > Best regards,
> > 
> > --
> > 
> > Andres Pavez
> > 
> > Cryptographic Key Manager
> > 
> > On 2/29/24, 10:21, "ksk-rollover on behalf of Michael StJohns via
> > ksk-rollover" <ksk-rollover-bounces at icann.org on behalf of
> > ksk-rollover at icann.org> wrote:
> > 
> > Hi -
> > 
> > The product brief for the Luna USB G7 doesn't provide a lot of data. The
> > previous HSM provided level four hardware protection - e.g. a tamper
> > perimeter and the ability to zeroize the keys if someone tried to decap
> > the thing. That's almost entirely dependent on having a constant power
> > source - usually a three stage line/battery/capacitor model.
> > 
> > On the PCI cards, there's a Li ion battery - a rather large one - on the
> > card just in front of the tamper covered HSM engine. See
> > https://thalesdocs.com/gphsm/luna/7/docs/pci/Content/install/pci_hw_install/battery_replace.htm
> > 
> > The older luna USB HSM had a battery compartment - I can't see one on
> > the images I've been able to find of the current one. It was also a
> > most Level 2 device with L3 security.
> > 
> > My questions are these: Is there an internal battery? Is it replaceable?
> > How often does this USB HSM need to be plugged into power to maintain
> > the internal battery? What happens if you leave it in a safe for a year
> > - or alternately, how long can the unit remain unplugged before it wipes
> > its keys? What's the lifetime of the battery before replacement?
> > 
> > Later, Mike
> > 
> > On 2/28/2024 7:20 PM, James Mitchell via ksk-rollover wrote:
> > 
> > ICANN has announced the schedule to generate the next KSK.
> > 
> > Generating a new KSK restarts the process announced last year,
> > which was suspended after it was identified that a supplier of key
> > equipment used to store the KSK (known as a Hardware Security
> > Module, or HSM) would be exiting the business during the expected
> > lifespan of the new KSK.
> > 
> > The next KSK will be generated on new Thales Luna USB G7 HSMs.
> > 
> > The announcement and information regarding the new HSMs is
> > published at
> > https://www.icann.org/en/announcements/details/icann-to-generate-new-dns-cryptographic-key-at-april-2024-ceremony-28-02-2024-en.
> > 
> > James Mitchell
> > 
> > IANA
> > 

Best regards,
-- 
Andres Pavez
Cryptographic Key Manager