[dns-operations] Contingency plans for the next Root KSK Ceremony

Robert Kisteleki robert at ripe.net
Tue Mar 31 07:57:34 UTC 2020

> In light of world events we have developed contingency plans around how
> to hold key ceremonies in the short term. To that end, we identified a
> graduated set of options, in summary:
>  1. Hold the next ceremony as planned on April 23, with a quorum of
>     participants globally.
>  2. Hold the next ceremony on a different date using only US-based TCRs.
>  3. Hold the next ceremony using our disaster recovery procedure, which
>     provides for a staff-only ceremony (i.e. no TCRs would be physically
>     present).

Out of curiosity, about option 3: in a DR scenario when TCRs are not
physically present, how is their key material / knowledge used? As in:

1. if they hold a physical key(part), how is that used? I suspect it is
on only premise in the safe and local hands are used to connect them

2. if they hold knowledge (passphrase), how is that used? Do they enter
it over a secure channel directly into the signer or do they tell
someone that can type it in locally and promises to forget it
afterwards? Or something else?

I understand I can probably look this up if I dig enough, but maybe the
answer is simple enough.


More information about the dns-operations mailing list