[dnssec-deployment] KSK, ZSK and registry data escrow

Steve Crocker steve at shinkuro.com
Wed Aug 30 13:16:51 EDT 2006


Peter,

Thanks for bringing this up.  I hadn't tracked this through the  
entire process, but I think I did say something about this during the  
comment process.

If want to suggest something more appropriate, I'll be glad to  
shepherd it through the ICANN system.

Steve


Steve Crocker
steve at shinkuro.com

Try Shinkuro's collaboration technology.  Visit www.shinkuro.com.  I  
am steve!shinkuro.com.


On Aug 30, 2006, at 12:59 PM, Peter Koch wrote:

> Dear all,
>
> looking at the proposed new registry agreements for ORG, BIZ and  
> INFO (see
> (http://www.icann.org/announcements/announcement-2-28jul06.htm>), with
> precedent already set by others, there's language in there that  
> requires the
> public and private key material for KSKs and ZSKs be made subject  
> to escrow.
> Now, you have to trust your escrow provider to a certain extent  
> anyway, so the
> risk may be limited, but still I wonder what the purpose -- and  
> trade-offs --
> of this requirement are, especially since this is the only key  
> material that
> is explicitly mentioned.
> Why would a 'successor registry' not start over with its own, new  
> keys?
>
> -Peter
>
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list <dnssec-deployment at shinkuro.com>.
> To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> A public archive is available here: <http://mail.shinkuro.com:8100/ 
> Lists/dnssec-deployment/>
> and older material is at
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>




More information about the Dnssec-deployment mailing list