Purpose: We are seeking feedback on our proposal for how future Root Zone Key Signing Key (KSK) changes are made. In particular, we plan to create a predictable approach by establishing a standard KSK rollover interval.
Current Status: The first Root Zone KSK rollover was recently concluded and widely viewed as a success. This proposal has been drafted based on lessons learned from that process, along with informal feedback received to date from the operational community.
Next Steps: Feedback received during this public comment period will inform our final approach, which will be put into operational practice.
Section I: Description and Explanation
One document, "Proposal for Future Root Zone KSK Rollovers", is provided for community discussion and public comment. This proposal describes the considerations and an anticipated framework under which future changes to the Root Zone Key Signing Key (KSK) are made. The Root Zone KSK serves as the trust anchor for Domain Name System Security Extensions (DNSSEC) and is managed as part of the Internet Assigned Numbers Authority (IANA) functions, performed by ICANN through its affiliate Public Technical Identifiers (PTI). We seek feedback from the community to refine and finalize our approach prior to implementation through operational and procedural updates.
Section II: Background
This proposal has been created based upon initial outreach and engagement with those involved directly in the first KSK rollover in 2018, including comments received through the ICANN KSK Rollover discussion list.