RSSAC Report on Root Zone TTLs (R1)
Date Issued | Document | Reference ID | Current Phase |
---|---|---|---|
| RSSAC Report on Root Zone TTLs (R1) | RSSAC003 | CLOSED |
Description:
To address the DNSSEC problems identified in Section 6.4, the RSSAC recommends the Root Zone Management partners to increase the signature validity periods for signatures generated by both the KSK and the ZSK. KSK signature validity should be increased to at least 21 days. ZSK signature validity should be increased to at least 13 days.
STATUS UPDATES
Date | Phase | Type | Status Updates |
---|---|---|---|
| Closed | Phase Change | This Advice Item is now Closed |
| Phase 5 | Phase Update | Board Advice Completion Notification sent to the RSSAC for review. |
| Phase 5 | Phase Update | The ICANN org sent a letter to the ICANN Board informing them the implementation of RSSAC003 is complete: https://www.icann.org/en/system/files/correspondence/davies-to-chalaby-23apr18-en.pdf. |
| Phase 5 | Phase Change | Now in Phase 5: Close |
| Phase 4 | Phase Update | Notified RSSAC implementation of RSSAC003: RSSAC Report on Root Zone TTLs is complete. |
| Phase 4 | Phase Update | The signatures of the new validity periods in both the KSK and ZSK appeared in the DNS root zone. |
| Phase 4 | Phase Update | The key signing ceremony conducted with the new signature validity periods in the Verisign Key Signing Request (https://www.iana.org/dnssec/ceremonies/27). The signature validity period for the KSK was updated to 21 days per the RSSAC advice. The ZSK signature validity period was updated to 13 days per the RSSAC advice. |
| Phase 4 | Phase Change | Now in Phase 4: Implement |
| Phase 3 | Board Update | On 15 September 2016, the Board adopted the RSSAC advice for the KSK signature validity in RSSAC 003, and directs ICANN's President and CEO, or his designee, to proceed with implementing the KSK recommendations in RSSAC 003 in collaboration with the root zone management partners (https://www.icann.org/resources/board-material/resolutions-2016-09-15-en#1.a). |
| Phase 3 | Phase Change | Now in Phase 3: Evaluate & Consider |
Phase 2 | AP Feedback | RSSAC confirmed Understanding. | |
| Phase 2 | Phase Update | Understanding sent to RSSAC for review. |
| Phase 2 | Board Understanding | We, the ICANN staff, understand the advice to be as follows: ICANN Staff understands RSSAC recommends the Root Management Partners increase: 1) the signature validity period for the root zone KSK to 21 days; and 2) the signature validity period for the root zone ZSK to 13 days. ICANN staff further understands that RSSAC does not consider this issue urgent, however it should be addressed within "a reasonable amount of time" (which ICANN staff will assume will mean within 6 months) to allow for process document updates and software testing. |
| Phase 2 | Phase Change | Now in Phase 2: Understand |
| Phase 1 | Phase Update | ICANN acknowledged receipt of Advice. |
| Phase 1 | Phase Update | RSSAC Published RSSAC003: RSSAC Report on Root Zone TTLs: https://www.icann.org/en/system/files/files/rssac-003-root-zone-ttls-21aug15-en.pdf. |