Revised DPS for the Root Zone KSK

Kim Davies kim.davies at icann.org
Thu May 26 21:32:22 UTC 2016


A revised edition of the Root Zone KSK DNSSEC Practice Statement
(DPS) has been published, and is effective immediately. The changes
from the previous edition are:

         *  Section 1.3.8: Change that relying parties must "stay
            informed" to "be informed".

         *  Section 2.2: Changed reference to non-specific reference
            document, as the trust anchor download documents are not
            finalized.

         *  Section 4.2.2: Expanded definition of the role of
            cryptographic officers for Tier 7.

         *  Section 5.2.9: Add reference to optional practice of
            exercising unused CO cards while deactivating the HSM.  This
            process was added at TCR suggestion as a method of
            confirming additional CO cards are properly functioning,
            even if they are not needed for a specific ceremony.

         *  Section 5.4.3: Clarified cryptographic officer method of
            accessing of smart cards used to activate the HSM.

         *  Minor editorial and layout changes: Updated contact details
            including ICANN's corporate address; Updated references to
            "VeriSign" to "Verisign" to reflect company's name
            capitalization change; Updated copyright notice on document;
            Convert authors to acknowledgements section, with document
            controller (ICANN PMA) listed as editor.

The revised DPS is available at https://www.iana.org/dnssec/icann-dps.txt

Kim Davies
Director, Technical Services
ICANN

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/mailman/private/root-dnssec-announce/attachments/20160526/cc2178c9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4554 bytes
Desc: not available
URL: <https://mm.icann.org/mailman/private/root-dnssec-announce/attachments/20160526/cc2178c9/smime.p7s>


More information about the root-dnssec-announce mailing list