> • Using 3 TCRs’ credentials, either by having their access key > transferred to us in a secure manner in advance of the ceremony, or by > drilling the safety deposit box that holds their secure elements.
Accessing the credentials without the TCRs present will shatter confidence in TCR model. Better avoid that. -- Kind regards, Sergey Myasoedov > On 26 Mar 2020, at 02:52, Kim Davies <kim.dav...@iana.org> wrote: > > Colleagues, > > The IANA team, and the broader ICANN organization, have been giving > significant thought to the Coronavirus pandemic and its impact on root zone > KSK operations. Managing the KSK is centred on conducting "key signing > ceremonies", where trusted community representatives (TCRs) attend from > around the world to witness utilization of the root zone KSK private key. > This approach seeks to engender trust in the broader community that the key > has not been compromised, in addition to more typical controls such as > third-party auditing. > > In light of world events we have developed contingency plans around how to > hold key ceremonies in the short term. To that end, we identified a graduated > set of options, in summary: > • Hold the next ceremony as planned on April 23, with a quorum of > participants globally. > • Hold the next ceremony on a different date using only US-based TCRs. > • Hold the next ceremony using our disaster recovery procedure, which > provides for a staff-only ceremony (i.e. no TCRs would be physically present). > In general, our goal has been to navigate from Option 1, and if that is not > possible, Option 2, and so on. However, at this time, our focus is on > developing a plan around Option 3. > > The ceremony is currently scheduled unusually early in the quarter (it is > typically held in May), and needs to be held to generate signatures that will > be needed in production for July. Our contingency plan is comprised of: > > • Holding the ceremony with a bare minimum of staff (approximately 6); > • Using 3 TCRs’ credentials, either by having their access key > transferred to us in a secure manner in advance of the ceremony, or by > drilling the safety deposit box that holds their secure elements. > • Holding the ceremony under typical audit coverage, allowing for > remote witnessing of events by all, plus providing additional opportunities > for TCRs to stay involved in the process remotely. > • Signing key materials to cover one or more subsequent quarters, to > provide relief from the need to necessarily hold ceremonies later in 2020 if > circumstances disallow it. (The additional signatures would be withheld > securely until they are needed.) > Our key management facilities were designed with the disaster recovery > capability of performing staff-only ceremonies in mind, but this is a > significant shift from normal operations and we want to promote broader > community awareness of this work. Those directly involved in key ceremonies - > the trusted community representatives, our vendors and auditors - have been > consulted and are broadly supportive of this effort. > > Should there be any specific feedback you would like to share with our team, > please let me know or respond to this thread. We will take it into > consideration as we finalize our plans. > Thank you for your support, > > > Kim Davies > VP, IANA Services, ICANN > President, Public Technical Identifiers (PTI) > _______________________________________________ > dns-operations mailing list > dns-operations@lists.dns-oarc.net > https://lists.dns-oarc.net/mailman/listinfo/dns-operations _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations