[dns-operations] Root DNSSEC key attestation
mlarson at verisign.com
Fri Jul 16 13:34:04 UTC 2010
Now that the root zone is signed for real and the trust anchor has
been published, I'd like to go on record with the statement below,
doing my small part to add third-party community trust to the root's
key. That statement is recorded for posterity on the Ask Mr. DNS web
site at http://www.ask-mrdns.com/misc/root-key-attestation.asc.
At this point, please allow me to insert a shameless plug for the Ask
Mr. DNS podcast, in which my good friend, Cricket Liu, and I answer
DNS questions and talk about things DNS (and things not DNS).
I was fortunate enough to be present when the root key was generated
and I talk about the experience a bit in our latest episode:
If your reaction to this message is, "That sounds like a great podcast
and I must subscribe immediately!", then I have just the URL for you:
Finally, if you have a question for Mr. DNS to answer, he can always
be reached at mrdns at ask-mrdns.com.
-----BEGIN PGP SIGNED MESSAGE-----
On June 16, 2010, I witnessed the generation of the first root zone
key-signing key in the first key ceremony held by ICANN, the IANA
functions operator, at its key ceremony facility in Culpeper, VA.
I attest that the following DS record corresponds to the key generated
at that ceremony:
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
The canonical location of the root zone trust anchor information is
http://data.iana.org/root-anchors. Also included there are supporting
material and explanatory documentation.
July 16, 2010
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
-----END PGP SIGNATURE-----
More information about the dns-operations