SSAC Advisory on DNSSEC Key Rollover in the Root Zone (R-1)
| Date Issued | Document | Reference ID | Current Phase |
|---|---|---|---|
| SSAC Advisory on DNSSEC Key Rollover in the Root Zone (R-1) | SAC073 | CLOSED |
Description:
This is a Comment to the ICANN Board, the ICANN community, and the Internet community more broadly from the ICANN Security and Stability Advisory Committee (SSAC) on the Response to the IANA Stewardship Transition Coordination Group Request for Proposals on the IANA Stewardship Transition from the Cross Community Working Group on Naming Related Functions.
STATUS UPDATES
| Date | Phase | Type | Status Updates |
|---|---|---|---|
| Phase 5 | Phase Change | This Advice Item is now Closed. |
| Phase 5 | Board Update | Resolved (2021.05.12.16), the Board finds that ICANN org acted upon all Recommendations from SAC063, SAC073, and SAC102, as is evidenced by the successful first KSK Rollover. The Board considers SAC063, SAC073, and SAC102 to be completed. See full resolution at https://www.icann.org/resources/board-material/resolutions-2021-05-12-en#2.c |
| Phase 5 | Phase Update | Matt Larson sent a letter to Rod Rasmussen advising that SAC070 is complete (https://www.icann.org/en/system/files/correspondence/larson-to-rasmussen-13jan21-en.pdf). SAC063: SSAC Advisory on DNSSEC Key Rollover in the Root Zone, made five recommendations for actions to be taken by ICANN org related to the first root zone KSK rollover. SAC073: SSAC Comments on Root Zone Key Signing Key Rollover Plan, contained SSAC’s comments on the draft report of the root KSK rollover Design Team. SAC073 reiterated SSAC’s recommendations from SAC063 and called for ICANN org’s final plan to directly address each recommendation. SAC102: SSAC Comment on the Updated Plan for Continuing the Root KSK Rollover, was the response to the ICANN Board’s request that SSAC provide advice to the Board on the Plan for Continuing the Root KSK Rollover. SSAC advised continuing with the rollover. |
| Phase 5 | Phase Update | On 15 October 2018 ICANN org determined that the first-ever changing of the cryptographic key that helps protect the DNS has been completed with minimal disruption of the global Internet (https://www.icann.org/news/announcement-2018-10-15-en). See: https://www.icann.org/resources/pages/ksk-rollover. |
| Phase 5 | Phase Change | Now in Phase 5: Close |
| Phase 4 | Phase Update | The ICANN organization understands that SAC073 duplicates the advice sent by the SSAC in SAC063, with one distinction, which is as follows: To help the broader community to have a higher level of confidence in the anticipated success of this planned activity, and for ICANN Board to discharge its responsibilities with respect to recommendations from the SSAC, the SSAC would like to see the final report respond directly to each of the recommendations in SAC 063, and note in each case how the recommendation has been appropriately addressed in the proposed design, or in those cases where the recommendation is not specifically addressed, the rationale for this design decision. On 24 June 2017, the ICANN Board accepted this advice and directed the ICANN organization to implement per the ICANN organization's recommendation (https://www.icann.org/resources/board-material/resolutions-2017-06-24-en#2.b). On October 11, 2018 the new KSK begins to sign the root zone key set (the actual rollover event). See: https://www.icann.org/resources/pages/ksk-rollover. |
| Phase 4 | Phase Update | The ICANN organization understands that SAC073 duplicates the advice sent by the SSAC in SAC063, with one distinction, which is as follows: To help the broader community to have a higher level of confidence in the anticipated success of this planned activity, and for ICANN Board to discharge its responsibilities with respect to recommendations from the SSAC, the SSAC would like to see the final report respond directly to each of the recommendations in SAC 063, and note in each case how the recommendation has been appropriately addressed in the proposed design, or in those cases where the recommendation is not specifically addressed, the rationale for this design decision. On 24 June 2017, the ICANN Board accepted this advice and directed the ICANN organization to implement per the ICANN organization's recommendation (https://www.icann.org/resources/board-material/resolutions-2017-06-24-en#2.b). On October 11, 2017 the new KSK begins to sign the root zone key set (the actual rollover event). See: https://www.icann.org/resources/pages/ksk-rollover. |
| Phase 4 | Phase Change | Now in Phase 4: Implement |
| Phase 3 | Phase Update | The ICANN organization understands that SAC073 duplicates the advice sent by the SSAC in SAC063, with one distinction, which is as follows: To help the broader community to have a higher level of confidence in the anticipated success of this planned activity, and for ICANN Board to discharge its responsibilities with respect to recommendations from the SSAC, the SSAC would like to see the final report respond directly to each of the recommendations in SAC 063, and note in each case how the recommendation has been appropriately addressed in the proposed design, or in those cases where the recommendation is not specifically addressed, the rationale for this design decision. On 24 June 2017, the ICANN Board accepted this advice and directed the ICANN organization to implement per the ICANN organization's recommendation (https://www.icann.org/resources/board-material/resolutions-2017-06-24-en#2.b). |
| Phase 3 | Board Update | Resolved (2017.06.24.19), the Board adopts the SSAC recommendations outlined in the document titled "Implementation Recommendations for SSAC Advice Documents SAC062, SAC063, SAC064, SAC065, SAC070, and SAC073 (08 June 2017) [PDF, 433 KB]", and directs the CEO to implement the advice as described in the document. SAC073 proposed solution: Office of the CTO Research and Public Technical Identifiers (PTI) are jointly responsible for planning and executing the root KSK rollover project and a report as requested in SAC73. They have been tasked with writing the report requests in SAC073 that describes how the recommendations in SAC063 related to this project were addressed. See full resolution at https://www.icann.org/resources/board-material/resolutions-2017-06-24-en#2.b |
| Phase 3 | Phase Update | ICANN received SSAC's approval of understanding and is in the process of evaluating the advice. ICANN staff understands that SAC073 duplicates the advice sent by the SSAC in SAC063, with one distinction, which is as follows: To help the broader community to have a higher level of confidence in the anticipated success of this planned activity, and for ICANN Board to discharge its responsibilities with respect to recommendations from the SSAC, the SSAC would like to see the final report respond directly to each of the recommendations in SAC 063, and note in each case how the recommendation has been appropriately addressed in the proposed design, or in those cases where the recommendation is not specifically addressed, the rationale for this design decision. |
| Phase 3 | Phase Change | Now in Phase 3: Evaluate & Consider |
| Phase 2 | AP Feedback | SSAC confirmed understanding. |
| Phase 2 | Board Understanding | Understanding of Advice SAC073 / Case Number 1296 in large part duplicates the advice sent by the SSAC in SAC063 / Case Number 1295, with one distinction. Each of the five recommendations in SAC073 repeats verbatim one of the five recommendations in SAC063 - in fact, SAC063 is part of the SAC073 submission. There is one distinct recommendation in SAC073, which is as follows: "To help the broader community to have a higher level of confidence in the anticipated success of this planned activity, and for ICANN Board to discharge its responsibilities with respect to recommendations from the SSAC, the SSAC would like to see the final report respond directly to each of the recommendations in SAC 063, and note in each case how the recommendation has been appropriately addressed in the proposed design, or in those cases where the recommendation is not specifically addressed, the rationale for this design decision." Required Action If you agree with ICANN staff's understanding, reply to this email with the word YES in the first line of the email message. You can also add comments on the second line. If you do not agree with ICANN staff's understanding, reply to this email with the word NO in the first line. Please provide clarifying comments on the second line. |
| Phase 1 | Phase Update | SSAC published SAC073: SSAC Advisory on DNSSEC Key Rollover in the Root Zone: https://www.icann.org/en/system/files/files/sac-073-en.pdf. |
