November 20, 2014 archive

TDYR 186 – Japanese Dining Customs and other Reflections On My Short Visit

Some thoughts on dining customs in Japan and other cultural differences...

Watch Live Today at 13:00 US EST – DNSSEC Root KSK Ceremony 19

IANA logoIf you are interested in understanding a bit more about how the overall DNSSEC infrastructure operates, you can watch the “Root DNSSEC KSK Ceremony 19″ live today, November 20, 2014, from a data center in Culpeper, Virginia, USA, starting at 1:00 pm US Eastern time, which is 18:00 UTC.  All the information and the link to the live stream can be found at:

https://www.iana.org/dnssec/ceremonies/19

The key ceremonies are part of the activities performed by the Internet Corporation for Assigned Names and Numbers (ICANN) under its contract to operate the Internet Assigned Numbers Authority (IANA). As explained on the overview page:

Ceremonies are usually conducted four times a year to perform operations using the Root Key Signing Key, and involving Trusted Community Representatives. In a typical ceremony, the KSK is used to sign a set of operational ZSKs that will be used for a three month period to sign the DNS root zone. Other operations that may occur during ceremonies include installing new cryptographic officers, replacing hardware, or generating or replacing a KSK.

This ceremony today is to use the “master” root Key Signing Key (KSK) to generate a set of Zone Signing Keys (ZSKs) that will then be used until the next key ceremony.

There is a complete script that outlines the overall process that is used by ICANN to perform this operation today.  In the interest of transparency there is also a live video stream that will show the entire process and that will be archived for later viewing.

The “root key” is at the top of the “global chain of trust” that is used to ensure the correct validation of DNSSEC signatures (for more info see “The Two Sides of DNSSEC“) and so it is critical that the security and integrity of this root key be maintained.  Ceremonies such as the one today are a part of that effort.  If you are interested in learning more, today is a bit of a peek behind the curtain about how all of this happens…

P.S. If you want to learn more about how to get started with DNSSEC, please visit our “Start Here” page to find resources focused on your type of role or organization.