From aaron.foley at iana.org Mon Jan 13 17:44:56 2020 From: aaron.foley at iana.org (Aaron Foley) Date: Mon, 13 Jan 2020 17:44:56 +0000 Subject: KSK 40 | El Segundo | 12 Feb 2020 | 1 Month Reminder Message-ID: To Whom It May Concern, This is a 1 month reminder prior to the West Coast Root DNSSEC KSK Ceremony 40. The ceremony will be held on February 12th, 2020 (Thursday) at the Root Zone Key Management Facility in El Segundo, CA, USA. February 13th, 2019 (Friday) will be reserved for the backup date. Details regarding the ceremony: https://www.iana.org/dnssec/ceremonies/40 Aaron Foley Cryptographic Key Manager-IANA Aaron.Foley at iana.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From aaron.foley at iana.org Mon Jan 13 21:03:41 2020 From: aaron.foley at iana.org (Aaron Foley) Date: Mon, 13 Jan 2020 21:03:41 +0000 Subject: KSK 41 | April 23, 2020 | Culpeper, VA Message-ID: <42204212-3E50-4B75-B128-16B3A44715A0@iana.org> To Whom It May Concern, This is to announce that the Root DNSSEC KSK Ceremony 41 will be held on April 23, 2020 (Thursday) at the ICANN Key Management Facility in Culpeper, VA. April 24th, 2019 (Friday) will be reserved for the backup date. Aaron Foley Cryptographic Key Manager-IANA Aaron.Foley at iana.org -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2028 bytes Desc: not available URL: From kim.davies at iana.org Wed Feb 12 04:21:18 2020 From: kim.davies at iana.org (Kim Davies) Date: Wed, 12 Feb 2020 04:21:18 +0000 Subject: Rescheduling Root KSK Ceremony 40 Message-ID: The 40th Root Key Signing Key Ceremony, originally scheduled for 12 February 2020 at 2100 UTC in El Segundo, California, is being postponed. During routine administrative maintenance of our Key Management Facility on 11 February, we identified an equipment malfunction that will prevent us from successfully conducting the ceremony as originally scheduled. The issue disables access to one of the secure safes that contains material for the ceremony. We are currently evaluating our options to reschedule the ceremony. We maintain a complete replica facility in Culpeper, Virginia, and the ceremony may be moved to that location depending on the nature and resolution time for the fault. We will provide further updates as our contingency plans evolve. There is no risk to the secure elements within our facility, and there will be no service interruption to DNSSEC as a result of this issue. We have multiple redundancies and we anticipate being able to relocate and reschedule ceremonies. We apologize for the inconvenience the attendees who had already travelled to participate in the ceremony. This is the first time a ceremony has needed to be rescheduled in the 10 year history of KSK management. Kim Davies VP, IANA Services, ICANN President, Public Technical Identifiers (PTI) -------------- next part -------------- An HTML attachment was scrubbed... URL: From kim.davies at iana.org Thu Feb 13 02:02:21 2020 From: kim.davies at iana.org (Kim Davies) Date: Thu, 13 Feb 2020 02:02:21 +0000 Subject: Update on Root KSK Ceremony 40 Message-ID: <2A9C6C25-71CF-4097-B854-DB54CCB3E376@iana.org> As an update to yesterday?s postponement: Once we had ascertained we could not conduct the ceremony as originally scheduled, our first priority was to notify all impacted parties of the need to postpone. Once that was complete, we spent the evening reviewing our options with input from our expert staff and contractors. Today, we held a briefing with the Trusted Community Representatives to discuss the equipment failure, our proposed approach to correct the fault, and possible dates to reschedule the ceremony. It was a very useful discussion where we explored the issues and developed a plan for moving forward. The work to repair the malfunction is scheduled for Friday, 14 February. If this work is successfully completed on time, we expect to hold the Key Ceremony on Saturday, 15 February at 18:00 UTC. If further work is needed, we expect to know this by late Friday, and the new date for the ceremony will be announced in the upcoming weeks. I'd particularly like to recognize the flexibility and willingness of the TCRs, our auditors, the RZM and our staff to make this happen. kim Kim Davies VP, IANA Services, ICANN President, Public Technical Identifiers (PTI) -------------- next part -------------- An HTML attachment was scrubbed... URL: From kim.davies at iana.org Sat Feb 15 16:54:11 2020 From: kim.davies at iana.org (Kim Davies) Date: Sat, 15 Feb 2020 16:54:11 +0000 Subject: Update on Root KSK Ceremony 40 In-Reply-To: <2A9C6C25-71CF-4097-B854-DB54CCB3E376@iana.org> References: <2A9C6C25-71CF-4097-B854-DB54CCB3E376@iana.org> Message-ID: An update as of Saturday, 15 February 1600 UTC: Remediation work is continuing on the safe. We will not be able to start the ceremony at 1800 UTC today, but still seek to perform it later in the day. We expect to be able to provide a more definitive start time once repairs get further along. kim -------------- next part -------------- An HTML attachment was scrubbed... URL: From kim.davies at iana.org Sat Feb 15 22:10:33 2020 From: kim.davies at iana.org (Kim Davies) Date: Sat, 15 Feb 2020 22:10:33 +0000 Subject: Root KSK Ceremony 40 scheduled for 0000 UTC Message-ID: <70E88338-119C-429E-9144-9E15F7D6FDA7@iana.org> We have successfully opened the safe with the failed mechanism, and are in the final stages of remediation, with the repair work and installation of a new lock underway. We are therefore arranging resources to start the KSK Ceremony 40 at 0000 UTC, or shortly thereafter. Work to repair the safe has been ongoing since Friday morning, and again I?d like to acknowledge the patience and work of everyone involved. There ceremony information page with script and live streaming link is at https://www.iana.org/dnssec/ceremonies/40 kim Kim Davies VP, IANA Services, ICANN President, Public Technical Identifiers (PTI) -------------- next part -------------- An HTML attachment was scrubbed... URL: From aaron.foley at iana.org Sat Mar 7 01:30:37 2020 From: aaron.foley at iana.org (Aaron Foley) Date: Sat, 7 Mar 2020 01:30:37 +0000 Subject: Root DNSSEC KSK Ceremony 40 Materials Message-ID: <6C5611C7-055A-4CE9-BF74-A0AA814C04F8@iana.org> To Whom It May Concern, The materials for the Root DNSSEC KSK Ceremony 40 have been published and are now available at the URL below. https://www.iana.org/dnssec/ceremonies/40 Regards, Aaron Foley Cryptographic Key Manager-IANA Aaron.Foley at iana.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From kim.davies at iana.org Thu Mar 26 01:52:07 2020 From: kim.davies at iana.org (Kim Davies) Date: Thu, 26 Mar 2020 01:52:07 +0000 Subject: Contingency plans for the next Root KSK Ceremony Message-ID: The IANA team, and the broader ICANN organization, have been giving significant thought to the Coronavirus pandemic and its impact on root zone KSK operations. Managing the KSK is centred on conducting "key signing ceremonies", where trusted community representatives (TCRs) attend from around the world to witness utilization of the root zone KSK private key. This approach seeks to engender trust in the broader community that the key has not been compromised, in addition to more typical controls such as third-party auditing. In light of world events we have developed contingency plans around how to hold key ceremonies in the short term. To that end, we identified a graduated set of options, in summary: 1. Hold the next ceremony as planned on April 23, with a quorum of participants globally. 2. Hold the next ceremony on a different date using only US-based TCRs. 3. Hold the next ceremony using our disaster recovery procedure, which provides for a staff-only ceremony (i.e. no TCRs would be physically present). In general, our goal has been to navigate from Option 1, and if that is not possible, Option 2, and so on. However, at this time, our focus is on developing a plan around Option 3. The ceremony is currently scheduled unusually early in the quarter (it is typically held in May), and needs to be held to generate signatures that will be needed in production for July. Our contingency plan is comprised of: * Holding the ceremony with a bare minimum of staff (approximately 6); * Using 3 TCRs? credentials, either by having their access key transferred to us in a secure manner in advance of the ceremony, or by drilling the safety deposit box that holds their secure elements. * Holding the ceremony under typical audit coverage, allowing for remote witnessing of events by all, plus providing additional opportunities for TCRs to stay involved in the process remotely. * Signing key materials to cover one or more subsequent quarters, to provide relief from the need to necessarily hold ceremonies later in 2020 if circumstances disallow it. (The additional signatures would be withheld securely until they are needed.) Our key management facilities were designed with the disaster recovery capability of performing staff-only ceremonies in mind, but this is a significant shift from normal operations and we want to promote broader community awareness of this work. Those directly involved in key ceremonies - the trusted community representatives, our vendors and auditors - have been consulted and are broadly supportive of this effort. Should there be any specific feedback you would like to share with our team, please email me and we will take it into consideration as we finalize our plans. Thank you for your support, Kim Davies VP, IANA Services, ICANN President, Public Technical Identifiers (PTI) -------------- next part -------------- An HTML attachment was scrubbed... URL: From kim.davies at iana.org Tue Apr 14 18:11:25 2020 From: kim.davies at iana.org (Kim Davies) Date: Tue, 14 Apr 2020 18:11:25 +0000 Subject: Update on KSK Ceremony 41 Message-ID: <3BD69936-0C13-46E3-B8B8-8619D7124BD2@iana.org> We are preparing for important changes to how we conduct KSK Ceremony 41. In light of the global coronavirus pandemic, and the restrictions on personnel mobility, our team has assessed that our best approach for conducting the upcoming ceremony is to perform it using minimum personnel. Our approach has been informed by dialogue in various forums and with our partners. We expect to hold the ceremony at the same time as originally scheduled of 23 April 2020, 1700 UTC. However, the ceremony will now be held in our west coast facility in El Segundo, California. The ceremony page has been updated with this detail: https://www.iana.org/dnssec/ceremonies/41 These revised plans are subject to executive and board approval, expected later this week. Following formal approval we will share more comprehensive details. Kim Davies VP, IANA Services, ICANN President, Public Technical Identifiers (PTI) -------------- next part -------------- An HTML attachment was scrubbed... URL: From andres.pavez at iana.org Tue May 5 02:32:15 2020 From: andres.pavez at iana.org (Andres Pavez) Date: Tue, 5 May 2020 02:32:15 +0000 Subject: Root DNSSEC KSK Ceremony 41 Materials Message-ID: <7975C689-C442-4E15-A7C2-FDEF3EE5A650@iana.org> To Whom It May Concern, The materials for the Root DNSSEC KSK Ceremony 41 have been published and are now available at the URL below. https://www.iana.org/dnssec/ceremonies/41 Best regards, -- Andres Pavez Cryptographic Key Manager -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4603 bytes Desc: not available URL: From andres.pavez at iana.org Tue Aug 18 17:29:12 2020 From: andres.pavez at iana.org (Andres Pavez) Date: Tue, 18 Aug 2020 17:29:12 +0000 Subject: SKR 2020-Q4 Has been Transmitted to Verisign Message-ID: To Whom It May Concern, The SKR 2020-Q4 [1] generated at Root DNSSEC KSK Ceremony 41 has been successfully transmitted to Verisign. Due to the evolving pandemic, 3 KSRs were signed at Root DNSSEC KSK Ceremony 41 [2] on 23 April 2020. This allows for sufficient flexibility in these uncertain times [3]. The SKR 2020-Q4 was transmitted to Verisign, in the approximate time frame it would have been according to typical ceremony scheduling. This is the second of three SKRs generated at Root DNSSEC KSK Ceremony 41. The third SKR will be transmitted in approximately three months. [1] https://data.iana.org/ksk-ceremony/41/ksrsigner-20200423-185053.log [2] https://www.iana.org/dnssec/ceremonies/41 [3] https://data.iana.org/ksk-ceremony/41/KC41_qa.pdf Best regards, -- Andres Pavez Cryptographic Key Manager -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4603 bytes Desc: not available URL: From kim.davies at iana.org Wed Oct 28 20:57:15 2020 From: kim.davies at iana.org (Kim Davies) Date: Wed, 28 Oct 2020 13:57:15 -0700 Subject: IANA 2020 Engagement Survey Message-ID: <20201028205715.GA90507@KIDA-0000.local> Dear Root KSK Community, Please help us evolve our engagement approach. As a valued member of one of our key communities, your opinion is essential to helping us improve. We have revamped the IANA annual engagement survey using the feedback received last year. We also want to share our findings with you. As a thank you for taking part, you will receive a complimentary summary of our findings and outcomes. WHAT NEXT? Please use this link to take part: https://surveys6.jibunu.com/EchoResearch_0002/index.aspx?l=2§ion=kt47 ABOUT THE SURVEY - It should only take a few minutes to complete; - It is being conducted by Echo Research, an independent market research company, on behalf of the IANA services provider PTI (an affiliate of ICANN); - Your data confidentiality is assured. Echo Research is committed to protecting the confidentiality of all respondents, and in doing so will follow GDPR guidelines as detailed by EFAMRO, the European Research Federation, written for market research members of ESOMAR world research, and The Market Research Society (MRS). If you have any questions about the survey, please contact Marilia Hirano at marilia.hirano at iana.org Thank you very much for your time, Kim Davies, on behalf of our vendor, Ruth David Senior Account Executive Echo Research ruth.david at echoresearch.com http://www.echoresearch.com From andres.pavez at iana.org Mon Nov 16 21:56:09 2020 From: andres.pavez at iana.org (Andres Pavez) Date: Mon, 16 Nov 2020 21:56:09 +0000 Subject: SKR 2021-Q1 Transmitted to Verisign Message-ID: <49572264-C022-4A42-8173-FDF689962728@iana.org> To Whom It May Concern, Today, the last SKR generated at Root DNSSEC KSK Ceremony 41 covering 2021-Q1 [1] has been successfully transmitted to Verisign. Due to the evolving pandemic, 3 KSRs were signed at Root DNSSEC KSK Ceremony 41 [2] on 23 April 2020 allowing sufficient flexibility in these uncertain times [3]. [1] https://data.iana.org/ksk-ceremony/41/ksrsigner-20200423-185433.log [2] https://www.iana.org/dnssec/ceremonies/41 [3] https://data.iana.org/ksk-ceremony/41/KC41_qa.pdf Best regards, -- Andres Pavez Cryptographic Key Manager -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4603 bytes Desc: not available URL: From andres.pavez at iana.org Fri Dec 18 21:08:37 2020 From: andres.pavez at iana.org (Andres Pavez) Date: Fri, 18 Dec 2020 21:08:37 +0000 Subject: KSK Ceremony 42 Date and Plan Message-ID: To Whom It May Concern, We are pleased to announce that the contingency plan for KSK Ceremony 42 has been approved by the ICANN Board, and 11 February 2021 has been selected for the ceremony date. KSK Ceremony 42 will be held at KMF West similarly to the previous KSK Ceremony 41 held 23 April 2020 with limited personnel; seven in-person local staff in attendance. Three quarters of signatures will be generated at KSK Ceremony 42. This will set the requirement for a follow up ceremony to 2021Q4. Live online streaming via YouTube will be available as usual for other observers and interested parties. Best regards, -- Andres Pavez Cryptographic Key Manager -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2030 bytes Desc: not available URL: