[dns-operations] Contingency plans for the next Root KSK Ceremony

Anne-Marie Eklund-Löwinder anne-marie.eklund-lowinder at internetstiftelsen.se
Tue Mar 31 08:21:15 UTC 2020

> -----Ursprungligt meddelande-----
> Från: dns-operations <dns-operations-bounces at dns-oarc.net> För Robert
> Kisteleki
> Skickat: den 31 mars 2020 09:58
> Till: dns-operations at dns-oarc.net
> Ämne: Re: [dns-operations] Contingency plans for the next Root KSK
> Ceremony
> > In light of world events we have developed contingency plans around
> > how to hold key ceremonies in the short term. To that end, we
> > identified a graduated set of options, in summary:
> >
> >  1. Hold the next ceremony as planned on April 23, with a quorum of
> >     participants globally.
> >  2. Hold the next ceremony on a different date using only US-based TCRs.
> >  3. Hold the next ceremony using our disaster recovery procedure, which
> >     provides for a staff-only ceremony (i.e. no TCRs would be physically
> >     present).
> Out of curiosity, about option 3: in a DR scenario when TCRs are not
> physically present, how is their key material / knowledge used? As in:
> 1. if they hold a physical key(part), how is that used? I suspect it is on only
> premise in the safe and local hands are used to connect them physically.

Only on premise, since one of the safes contains a security box that is personal to each TCR. Two keys are needed to open the box, the TCR key and the CA key, used together.
> 2. if they hold knowledge (passphrase), how is that used? Do they enter it
> over a secure channel directly into the signer or do they tell someone that
> can type it in locally and promises to forget it afterwards? Or something else?

No passphrase. The CA use a pin code to activate the HSM, together with three TCR's smart cards. The pin code is no secret.
> I understand I can probably look this up if I dig enough, but maybe the
> answer is simple enough.

If you had cared to tune in to any of the ceremonies that has taken place 4 times a year for the last 10 years, you would have known. :)

Best regards,


Anne-Marie Eklund Löwinder
Chief Information Security Officer
Internetstiftelsen (The Swedish Internet Foundation)
Phone: +46 734 315 310

Visitors: Hammarby Kaj 10D
Mail: Box 92073, 120 07 Stockholm

"Never attribute to malice that which can be adequately explained by stupidity." Robert J. Hanlon

More information about the dns-operations mailing list