SAC108 - SSAC Comments on the IANA Proposal for Future Root Zone KSK Rollovers
Abstract
The DNS root zone was first signed with DNSSEC in 2010. On October 11, 2018 the DNSSEC
Key Signing Key (KSK) was first rolled in the root zone. Having now completed that first roll,
the Internet Assigned Numbers Authority (IANA) has asked the ICANN Community to respond
to its plan for subsequent KSK rollovers. The SSAC would like to thank ICANN, and
specifically IANA, for engaging with the technical community on planning related to KSK
rollovers, and for incorporating past advice from the technical community into its current work.
This comment represents the SSAC's full input to IANA on its Proposal for Future Root Zone
KSK Rollovers, which will henceforth be referred to in this document as the Proposal.
The SSAC has previously commented on root zone KSK rollovers in SAC063, SAC073 and
SAC102. This comment specifically addresses concerns relating to future KSK rolls, and focuses
on items in the Proposal where the SSAC has concerns. In general, the SSAC is confident that
the Proposal as written is an adequate and viable high-level plan and does not believe that further
delay in planning for subsequent KSK rollovers is merited.
Research Areas
