> In light of world events we have developed contingency plans around how > to hold key ceremonies in the short term. To that end, we identified a > graduated set of options, in summary: > > 1. Hold the next ceremony as planned on April 23, with a quorum of > participants globally. > 2. Hold the next ceremony on a different date using only US-based TCRs. > 3. Hold the next ceremony using our disaster recovery procedure, which > provides for a staff-only ceremony (i.e. no TCRs would be physically > present).
Out of curiosity, about option 3: in a DR scenario when TCRs are not physically present, how is their key material / knowledge used? As in: 1. if they hold a physical key(part), how is that used? I suspect it is on only premise in the safe and local hands are used to connect them physically. 2. if they hold knowledge (passphrase), how is that used? Do they enter it over a secure channel directly into the signer or do they tell someone that can type it in locally and promises to forget it afterwards? Or something else? I understand I can probably look this up if I dig enough, but maybe the answer is simple enough. Cheers, Robert _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
