As many of you know already, Kirei - as part of the Root DNSSEC Design Team, and on behalf of ICANN - has a central role in implementing DNSSEC for the Root Zone. The team, consisting of a group of Internet and security experts from ICANN, VeriSign and Kirei, has been working closely together with the primary objective of implementing a stable and secure solution for DNSSEC at the Root Zone ready by July 2010.
For the last 10 months, we’ve been working on a number of important issues, including:
- Designing the overall system- and security architecture of the signer and key management system based on the requirements from U.S. Department of Commerce, National Telecommunications and Information Administration (DoC/NTIA).
- Drafting the DNSSEC Practice Statement (DPS) for the KSK and ZSK holder (i.e. ICANN and VeriSign, respectively), and publishing of a DPS framework for other registries to benefit from
- Communicating the progress and gather feedback from the community
- Establishing of Trust anchor publication mechanisms
- Increasing transparency and community trust by introduction of the Trusted Community Representatives into the signing process
- Defining physical security controls and requirements for the KSK operators facilities
- Preparation to undergo a SysTrust examination of the Root Zone KSK Operator function
- Work out key ceremonies, testing of the scripts and carry out rehearsals
- Develop deployment plans and interface with the root server operators
- Perform testing of resolver implementations
Kirei is very proud to be part of this landmark project and believe that a signed root is an important step for improving the security of the DNS infrastructure.
For more information about DNSSEC for the Root Zone, please visit the website at http://www.root-dnssec.org/.