[190857] in North American Network Operators' Group


Root Zone DNSSEC Operational Update -- ZSK length change

daemon@ATHENA.MIT.EDU (Wessels, Duane)
Thu Jul 28 20:34:50 2016

From: "Wessels, Duane" <dwessels@verisign.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 28 Jul 2016 22:37:39 +0000


As you may know, Verisign, in its role as the Root Zone Maintainer,
is also the operator of the root zone Zone Signing Key (ZSK).  Later
this year, we will increase the size of the ZSK from 1024 bits to
2048 bits.

The root zone ZSK is normally rolled every calendar quarter, as per
our “DNSSEC Practice Statement for the Root Zone ZSK operator.”[1]
The ZSK public keys are signed at quarterly key signing ceremonies
by ICANN in its role as the IANA Functions Operator.

On September 20, 2016 the 2048-bit ZSK will be pre-published in the
root zone, following the standard ZSK rollover procedure.  We intend
to begin publishing root zones signed with the first 2048-bit ZSK
on October 1, 2016.

Some details of the ZSK size transition have recently been presented
at the DNS-OARC, NANOG, RIPE, ICANN, and IETF meetings.[2]  If you
have any questions or concerns, please feel free to contact us at
zms@verisign.com.

Please feel free to forward this message to anyone who might not have
seen it here.

[1] https://www.verisign.com/assets/dps-zsk-operator-1532.pdf
[2] https://ripe72.ripe.net/wp-content/uploads/presentations/168-verisign-zsk-change.pdf


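Added example (not part of the original message and not Verisign's code): one way to confirm the ZSK size from a DNSKEY RRset in dig-style presentation format, by decoding the RFC 3110 RSA key field and reporting the modulus length of each zone-signing key. The function names are hypothetical and the sample RRset is constructed with dummy moduli to mimic the pre-publish period, when a 1024-bit and a 2048-bit ZSK appear side by side.

```python
import base64

RSA_ALGS = {5, 7, 8, 10}   # RSA-based DNSSEC algorithm numbers (8 = RSASHA256)

def rsa_bits(pubkey_b64):
    """Modulus size in bits of an RSA DNSKEY public key (RFC 3110 layout)."""
    raw = base64.b64decode(pubkey_b64)
    if len(raw) < 3:
        raise ValueError("public key field too short")
    elen, off = raw[0], 1
    if elen == 0:                      # long form: 2-byte exponent length
        elen, off = int.from_bytes(raw[1:3], "big"), 3
    modulus = raw[off + elen:]
    if not modulus:
        raise ValueError("no modulus after exponent")
    return int.from_bytes(modulus, "big").bit_length()

def zsk_sizes(rrset_text):
    """Sorted modulus sizes of the RSA zone-signing keys in a DNSKEY RRset."""
    sizes = []
    for line in rrset_text.splitlines():
        f = line.split()
        if line.lstrip().startswith(";") or "DNSKEY" not in f:
            continue                   # skip comments and other record types
        i = f.index("DNSKEY")
        flags, alg = int(f[i + 1]), int(f[i + 3])
        # ZSK: Zone Key bit (0x0100) set, SEP bit (0x0001) clear -> flags 256
        if flags & 0x0101 == 0x0100 and alg in RSA_ALGS:
            sizes.append(rsa_bits("".join(f[i + 4:])))
    return sorted(sizes)

def undersized_zsks(rrset_text, minimum=2048):
    """ZSK sizes below the target size announced in the message above."""
    return [bits for bits in zsk_sizes(rrset_text) if bits < minimum]

def fake_key(bits, flags):
    """Constructed DNSKEY line with a dummy modulus (not a real key)."""
    n = (1 << (bits - 1)) | 1
    rdata = b"\x03\x01\x00\x01" + n.to_bytes(bits // 8, "big")  # e = 65537
    return f". 172800 IN DNSKEY {flags} 3 8 {base64.b64encode(rdata).decode()}"

# Constructed RRset: one KSK (257), the old ZSK, and a pre-published ZSK.
SAMPLE = "\n".join([fake_key(2048, 257), fake_key(1024, 256), fake_key(2048, 256)])

if __name__ == "__main__":
    print("ZSK sizes:", zsk_sizes(SAMPLE), "below 2048:", undersized_zsks(SAMPLE))
```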
