[Dnssec-deployment] KSK Recovery (Was: Re: The list of TCRs please)

Joe Abley joe.abley at icann.org
Sat Jun 12 21:13:21 EDT 2010


On 2010-06-12, at 21:04, Doug Barton wrote:

> In regards to the idea of post-ICANN continuity, your summary of the 
> RKSH procedure doesn't discuss the method by which the RKSHes would be 
> able to access the escrowed secret key in a post-ICANN world. While I 
> can understand that publishing ALL of the details of such a plan might 
> not be prudent, can we safely assume that this eventuality has been 
> thought through, and that such a plan exists?

The need for such transition plans for both VeriSign and ICANN were included in the DoC's requirements for the project, and have been submitted.

See <http://www.ntia.doc.gov/DNS/DNSSEC_Requirements_102909.pdf> section 10.


Joe



More information about the Dnssec-deployment mailing list