FYI. If you have comments or questions, please contact Kim or one of the TCRs.
> Begin forwarded message: > > From: Kim Davies <kim.dav...@iana.org> > Subject: [RZERC] Contingency plans for the next Root KSK Ceremony > Date: 26 March 2020 at 01:52:29 GMT > To: "rz...@icann.org" <rz...@icann.org> > > Colleagues, > > (Feel free to circulate within your respective groups as you see fit.) > > The IANA team, and the broader ICANN organization, have been giving > significant thought to the Coronavirus pandemic and its impact on root zone > KSK operations. Managing the KSK is centred on conducting "key signing > ceremonies", where trusted community representatives (TCRs) attend from > around the world to witness utilization of the root zone KSK private key. > This approach seeks to engender trust in the broader community that the key > has not been compromised, in addition to more typical controls such as > third-party auditing. > > In light of world events we have developed contingency plans around how to > hold key ceremonies in the short term. To that end, we identified a graduated > set of options, in summary: > Hold the next ceremony as planned on April 23, with a quorum of participants > globally. > Hold the next ceremony on a different date using only US-based TCRs. > Hold the next ceremony using our disaster recovery procedure, which provides > for a staff-only ceremony (i.e. no TCRs would be physically present). > In general, our goal has been to navigate from Option 1, and if that is not > possible, Option 2, and so on. However, at this time, our focus is on > developing a plan around Option 3. > > The ceremony is currently scheduled unusually early in the quarter (it is > typically held in May), and needs to be held to generate signatures that will > be needed in production for July. Our contingency plan is comprised of: > > Holding the ceremony with a bare minimum of staff (approximately 6); > Using 3 TCRs’ credentials, either by having their access key transferred to > us in a secure manner in advance of the ceremony, or by drilling the safety > deposit box that holds their secure elements. > Holding the ceremony under typical audit coverage, allowing for remote > witnessing of events by all, plus providing additional opportunities for TCRs > to stay involved in the process remotely. > Signing key materials to cover one or more subsequent quarters, to provide > relief from the need to necessarily hold ceremonies later in 2020 if > circumstances disallow it. (The additional signatures would be withheld > securely until they are needed.) > Our key management facilities were designed with the disaster recovery > capability of performing staff-only ceremonies in mind, but this is a > significant shift from normal operations and we want to promote broader > community awareness of this work. Those directly involved in key ceremonies - > the trusted community representatives, our vendors and auditors - have been > consulted and are broadly supportive of this effort. > > Should there be any specific feedback you would like to share with our team, > please let me know or respond to this thread. We will take it into > consideration as we finalize our plans. > Thank you for your support.