Last month, the Internet Corporation for Assigned Names and Numbers (ICANN) published the operational plans to “roll” the Root Zone Key Signing Key (KSK) for the first time since the key was generated in 2010.
The KSK is a cryptographic public-private key pair, the public portion of which serves as the trusted starting point for Domain Name System Security Extensions (DNSSEC) validation.
The rollover plans detail the implementation, monitoring, testing, and contingency processes designed to maintain operational stability and minimize end-user impact of the KSK rollover. The plans are available in English and Simplified Chinese.
The KSK rollover is scheduled to begin in Q4 of 2016 and will take around two years to complete.
Read Geoff Huston’s post Rolling the Root for more information about the importance of the rollover process and why the KSK of the DNS’s Root Zone is so special. You can also keep up to date via ICANN’s Root Zone KSK Rollover page.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.