> • Using 3 TCRs’ credentials, either by having their access key
> transferred to us in a secure manner in advance of the ceremony, or by
> drilling the safety deposit box that holds their secure elements.
Accessing the credentials without the TCRs present will shatter confidence in
TCR model. Better avoid that.
--
Kind regards,
Sergey Myasoedov
> On 26 Mar 2020, at 02:52, Kim Davies wrote:
>
> Colleagues,
>
> The IANA team, and the broader ICANN organization, have been giving
> significant thought to the Coronavirus pandemic and its impact on root zone
> KSK operations. Managing the KSK is centred on conducting "key signing
> ceremonies", where trusted community representatives (TCRs) attend from
> around the world to witness utilization of the root zone KSK private key.
> This approach seeks to engender trust in the broader community that the key
> has not been compromised, in addition to more typical controls such as
> third-party auditing.
>
> In light of world events we have developed contingency plans around how to
> hold key ceremonies in the short term. To that end, we identified a graduated
> set of options, in summary:
> • Hold the next ceremony as planned on April 23, with a quorum of
> participants globally.
> • Hold the next ceremony on a different date using only US-based TCRs.
> • Hold the next ceremony using our disaster recovery procedure, which
> provides for a staff-only ceremony (i.e. no TCRs would be physically present).
> In general, our goal has been to navigate from Option 1, and if that is not
> possible, Option 2, and so on. However, at this time, our focus is on
> developing a plan around Option 3.
>
> The ceremony is currently scheduled unusually early in the quarter (it is
> typically held in May), and needs to be held to generate signatures that will
> be needed in production for July. Our contingency plan is comprised of:
>
> • Holding the ceremony with a bare minimum of staff (approximately 6);
> • Using 3 TCRs’ credentials, either by having their access key
> transferred to us in a secure manner in advance of the ceremony, or by
> drilling the safety deposit box that holds their secure elements.
> • Holding the ceremony under typical audit coverage, allowing for
> remote witnessing of events by all, plus providing additional opportunities
> for TCRs to stay involved in the process remotely.
> • Signing key materials to cover one or more subsequent quarters, to
> provide relief from the need to necessarily hold ceremonies later in 2020 if
> circumstances disallow it. (The additional signatures would be withheld
> securely until they are needed.)
> Our key management facilities were designed with the disaster recovery
> capability of performing staff-only ceremonies in mind, but this is a
> significant shift from normal operations and we want to promote broader
> community awareness of this work. Those directly involved in key ceremonies -
> the trusted community representatives, our vendors and auditors - have been
> consulted and are broadly supportive of this effort.
>
> Should there be any specific feedback you would like to share with our team,
> please let me know or respond to this thread. We will take it into
> consideration as we finalize our plans.
> Thank you for your support,
>
>
> Kim Davies
> VP, IANA Services, ICANN
> President, Public Technical Identifiers (PTI)
> ___
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
