Google Research

SAC108 - SSAC Comments on the IANA Proposal for Future Root Zone KSK Rollovers

  • Warren Kumari
  • Joe Abley
  • Jaap Akkerhuis
  • Tim April
  • KC Claffy
  • Patrik Fältström
  • James Galvin
  • Geoff Huston
  • Andrei Kolesnikov
  • Jacques Latour
  • Barry Leiba
  • Danny McPherson
  • Ram Mohan
  • Russ Mundy
  • Rod Rasmussen
ICANN Security and Stability Advisory Committee (SSAC) Reports and Advisories (2020), pp. 10


The DNS root zone was first signed with DNSSEC in 2010. On October 11, 2018 the DNSSEC Key Signing Key (KSK) was first rolled in the root zone. Having now completed that first roll, the Internet Assigned Numbers Authority (IANA) has asked the ICANN Community to respond to its plan for subsequent KSK rollovers. The SSAC would like to thank ICANN, and specifically IANA, for engaging with the technical community on planning related to KSK rollovers, and for incorporating past advice from the technical community into its current work.

This comment represents the SSAC's full input to IANA on its Proposal for Future Root Zone KSK Rollovers, which will henceforth be referred to in this document as the Proposal. The SSAC has previously commented on root zone KSK rollovers in SAC063, SAC073 and SAC102. This comment specifically addresses concerns relating to future KSK rolls, and focuses on items in the Proposal where the SSAC has concerns. In general, the SSAC is confident that the Proposal as written is an adequate and viable high-level plan and does not believe that further delay in planning for subsequent KSK rollovers is merited.

Learn more about how we do research

We maintain a portfolio of research projects, providing individuals and teams the freedom to emphasize specific types of work