[dns-operations] First Root Zone DNSSEC KSK Ceremony

David Conrad drc at virtualized.org
Mon Jun 7 01:32:47 UTC 2010


Doug,

On Jun 6, 2010, at 2:36 PM, Doug Barton wrote:
> The most transparent option would be to stream the whole thing live, warts and all.

Because as we all know, it is impossible to hack a video feed.  And when the video feed cuts out because of a DDoS attack, a failure of equipment, or a mistake on the part of ICANN staff, what should we do: cancel the event and tell all the TCRs to come back another day (on their dime)?  And how do we deal with the accusations that the cut streaming video is evidence that ICANN has tampered with the KSK?

Given the very tight time constraints, our entire focus has been to make sure the various bits and pieces necessary to ensure the KSK is properly generated and utilized with the Trusted Community Representatives being the key ensurers that the project is done with a sufficient level of trust. It is much harder to hack the optic nerves of multiple people physically present for the key signing and thus, they are the primary source of trust, transparency, etc.

More pragmatically, there simply isn't time to test the additional bits and pieces associated with doing live streaming from the Culpeper facility.  We decided to provide additional space in an adjacent room for folks who wish to go to the facility because a bunch of people expressed interest and we thought it would be nice to not simply reject them.  In subsequent key signing ceremonies, when we have more time to test live streaming video and work out the policy implications of a failure of that streaming, I suspect it would make sense to stream the exciting events live.

Or, if the community so strongly wishes to view the proceedings live over the Internet, we could look into delaying signing the root...

Regards,
-drc



