FYI.

If you have comments or questions, please contact Kim or one of the TCRs.

> Begin forwarded message:
> 
> From: Kim Davies <kim.dav...@iana.org>
> Subject: [RZERC] Contingency plans for the next Root KSK Ceremony
> Date: 26 March 2020 at 01:52:29 GMT
> To: "rz...@icann.org" <rz...@icann.org>
> 
> Colleagues,
>  
> (Feel free to circulate within your respective groups as you see fit.)
>  
> The IANA team, and the broader ICANN organization, have been giving 
> significant thought to the Coronavirus pandemic and its impact on root zone 
> KSK operations. Managing the KSK is centred on conducting "key signing 
> ceremonies", where trusted community representatives (TCRs) attend from 
> around the world to witness utilization of the root zone KSK private key. 
> This approach seeks to engender trust in the broader community that the key 
> has not been compromised, in addition to more typical controls such as 
> third-party auditing.
>  
> In light of world events we have developed contingency plans around how to 
> hold key ceremonies in the short term. To that end, we identified a graduated 
> set of options, in summary:
> Hold the next ceremony as planned on April 23, with a quorum of participants 
> globally.
> Hold the next ceremony on a different date using only US-based TCRs.
> Hold the next ceremony using our disaster recovery procedure, which provides 
> for a staff-only ceremony (i.e. no TCRs would be physically present).
> In general, our goal has been to navigate from Option 1, and if that is not 
> possible, Option 2, and so on. However, at this time, our focus is on 
> developing a plan around Option 3.
>  
> The ceremony is currently scheduled unusually early in the quarter (it is 
> typically held in May), and needs to be held to generate signatures that will 
> be needed in production for July. Our contingency plan is comprised of:
>  
> Holding the ceremony with a bare minimum of staff (approximately 6);
> Using 3 TCRs’ credentials, either by having their access key transferred to 
> us in a secure manner in advance of the ceremony, or by drilling the safety 
> deposit box that holds their secure elements.
> Holding the ceremony under typical audit coverage, allowing for remote 
> witnessing of events by all, plus providing additional opportunities for TCRs 
> to stay involved in the process remotely.
> Signing key materials to cover one or more subsequent quarters, to provide 
> relief from the need to necessarily hold ceremonies later in 2020 if 
> circumstances disallow it. (The additional signatures would be withheld 
> securely until they are needed.)
> Our key management facilities were designed with the disaster recovery 
> capability of performing staff-only ceremonies in mind, but this is a 
> significant shift from normal operations and we want to promote broader 
> community awareness of this work. Those directly involved in key ceremonies - 
> the trusted community representatives, our vendors and auditors - have been 
> consulted and are broadly supportive of this effort.
>  
> Should there be any specific feedback you would like to share with our team, 
> please let me know or respond to this thread. We will take it into 
> consideration as we finalize our plans.
> Thank you for your support.

Reply via email to