[191846] in North American Network Operators' Group
Re: Root Zone DNSSEC Operational Update -- ZSK length change
daemon@ATHENA.MIT.EDU (Wessels, Duane)
Thu Sep 29 11:15:35 2016
X-Original-To: nanog@nanog.org
From: "Wessels, Duane" <dwessels@verisign.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 29 Sep 2016 15:15:23 +0000
In-Reply-To: <E7ACD441-57F6-4DD0-985E-6751E5B3D35C@verisign.com>

A quick update on this change: A 2048-bit ZSK has been pre-published in
the root zone as of September 20. We are not aware of any issues
related to the appearance of the larger key.

In less than 48 hours we will begin publishing root zones signed with
the 2048-bit ZSK. I will send another note once that has happened. If
you observe any problems related to this change, please contact
Verisign's customer service at info@verisign-grs.com.

Duane W.

> On Jul 28, 2016, at 3:37 PM, Wessels, Duane <dwessels@verisign.com> wrote:
>
> As you may know, Verisign, in its role as the Root Zone Maintainer
> is also the operator of the root zone Zone Signing Key (ZSK). Later
> this year, we will increase the size of the ZSK from 1024-bits to
> 2048-bits.
>
> The root zone ZSK is normally rolled every calendar quarter, as per
> our “DNSSEC Practice Statement for the Root Zone ZSK operator.”[1]
> The ZSK public keys are signed at quarterly key signing ceremonies
> by ICANN in its role as the IANA Functions Operator.
>
> On September 20, 2016 the 2048-bit ZSK will be pre-published in the
> root zone, following the standard ZSK rollover procedure. We intend
> to begin publishing root zones signed with the first 2048-bit ZSK
> on October 1, 2016.
>
> Some details of the ZSK size transition have recently been presented
> at the DNS-OARC, NANOG, RIPE, ICANN, and IETF meetings.[2] If you
> have any questions or concerns, please feel free to contact us at
> zms@verisign.com.
>
> Please feel free to forward this message to anyone who might not have
> seen it here.
>
> [1] https://www.verisign.com/assets/dps-zsk-operator-1532.pdf
> [2] https://ripe72.ripe.net/wp-content/uploads/presentations/168-verisign-zsk-change.pdf
>
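
Added example (not part of the original message and not Verisign's tooling): a Python check that parses DNSKEY records in presentation format, decodes the RFC 3110 RSA key field, and reports which ZSKs are below 2048 bits, as a resolver operator might do during the pre-publish window described above. The records, TTLs and key material are constructed placeholders, and the function names are hypothetical.

```python
import base64

RSA_ALGS = {5, 7, 8, 10}  # DNSSEC algorithm numbers that use the RFC 3110 RSA key layout

def rsa_modulus_bits(pubkey_b64):
    """Modulus size in bits of an RSA DNSKEY public key field (RFC 3110)."""
    raw = base64.b64decode(pubkey_b64)
    if raw[0] != 0:                      # short form: one-octet exponent length
        exp_len, off = raw[0], 1
    else:                                # long form: 0x00 then two-octet length
        exp_len, off = int.from_bytes(raw[1:3], "big"), 3
    modulus = raw[off + exp_len:]
    if not modulus:
        raise ValueError("truncated RSA key")
    return int.from_bytes(modulus, "big").bit_length()

def describe_dnskey(rr):
    """Parse one presentation-format DNSKEY record into (role, algorithm, bits)."""
    f = rr.split()
    i = f.index("DNSKEY")
    flags, protocol, alg = int(f[i + 1]), int(f[i + 2]), int(f[i + 3])
    if protocol != 3 or not flags & 0x0100:
        raise ValueError("not a DNSSEC zone key")
    if alg not in RSA_ALGS:
        raise ValueError("not an RSA algorithm")
    role = "KSK" if flags & 0x0001 else "ZSK"   # SEP bit set: 257, clear: 256
    return role, alg, rsa_modulus_bits("".join(f[i + 4:]))

def small_zsks(rrset, min_bits=2048):
    """ZSK sizes in the RRset that are below min_bits."""
    keys = [describe_dnskey(rr) for rr in rrset]
    return [bits for role, _, bits in keys if role == "ZSK" and bits < min_bits]

def _constructed_key(bits):
    """Constructed placeholder key material (exponent 65537), not a real key."""
    blob = b"\x03\x01\x00\x01" + b"\xc3" + b"\x5a" * (bits // 8 - 1)
    return base64.b64encode(blob).decode()

# Constructed RRset modelling the pre-publish window: both ZSK sizes present.
SAMPLE = [
    ". 172800 IN DNSKEY 257 3 8 " + _constructed_key(2048),
    ". 172800 IN DNSKEY 256 3 8 " + _constructed_key(1024),
    ". 172800 IN DNSKEY 256 3 8 " + _constructed_key(2048),
]

if __name__ == "__main__":
    for rr in SAMPLE:
        print(describe_dnskey(rr))
    print("ZSKs below 2048 bits:", small_zsks(SAMPLE))
```

To run it against live data, feed it the lines from a DNSKEY query for the root zone instead of `SAMPLE`.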