[Dnssec-deployment] KSK Recovery (Was: Re: The list of TCRs please)
joe.abley at icann.org
Sat Jun 12 21:13:21 EDT 2010
On 2010-06-12, at 21:04, Doug Barton wrote:
> In regards to the idea of post-ICANN continuity, your summary of the
> RKSH procedure doesn't discuss the method by which the RKSHes would be
> able to access the escrowed secret key in a post-ICANN world. While I
> can understand that publishing ALL of the details of such a plan might
> not be prudent, can we safely assume that this eventuality has been
> thought through, and that such a plan exists?
The need for such transition plans for both VeriSign and ICANN were included in the DoC's requirements for the project, and have been submitted.
See <http://www.ntia.doc.gov/DNS/DNSSEC_Requirements_102909.pdf> section 10.
More information about the Dnssec-deployment