KSK, ZSK and registry data escrow

Peter Koch pk at DENIC.DE
Wed Aug 30 12:59:52 EDT 2006


Dear all,

looking at the proposed new registry agreements for ORG, BIZ and INFO (see
(http://www.icann.org/announcements/announcement-2-28jul06.htm>), with
precedent already set by others, there's language in there that requires the
public and private key material for KSKs and ZSKs be made subject to escrow.
Now, you have to trust your escrow provider to a certain extent anyway, so the
risk may be limited, but still I wonder what the purpose -- and trade-offs --
of this requirement are, especially since this is the only key material that
is explicitly mentioned.
Why would a 'successor registry' not start over with its own, new keys?

-Peter



More information about the Dnssec-deployment mailing list