Internet Root KSK Rollover, 'Rolling the Key' for the DNS Root Oct 11

If everything goes fine, you should not notice and your systems will all work as normal. However, if your DNS resolvers are not ready to use the new key, your users may not be able to reach many websites, send email, use social media or engage in other Internet activities ... It should be a "non-event" in that it will be "just another day on the Internet" --Dan York

 The Communications Regulatory Authority (CRA) has cautioned the public against misleading information circulating on social media platforms pertaining to an alleged “two-day Internet outage across the world.” The CRA clarified that on October 11, 2018, the Internet Corporation of Assigned Names and Numbers (ICANN) will change the cryptographic key that helps protect the Domain Name System (DNS) — the Internet’s address book--gulf-times.com.

Root KSK Rollover: ICANN Board approved (with dissent), to change or "roll" the key for the DNS root on 11 Oct 2018, first time the key has ever been changed--ICANN.org.

What To Expect During the Root KSK Rollover (pdf, updated 17 Sep 2018) embed below:

More info:

• On Twitter: #Keyroll   #KSKroll   #DNSSEC 

• Root Zone KSK Rollover | ICANN.org and ksk-rollover mail list.

• Internet Intelligence Map

• Preparing for the KSK Rollover | VeriSign.com

Tweets by InternetIntel

• How to Prepare for the DNSSEC Root KSK Rollover on October 11, 2018 | circleid.com: "... 5. Plan to be around on 11 October 2018 at 16:00 UTC [12noon EDT] ..."

• What you need to know about the first-ever DNSSEC root key rollover on October 11, 2018--redhat.com.

• The Root KSK Rollover? What Does It Mean for Me?--circleid.com.

• DNSSEC Key Signing Key Rollover--us-cert.gov. See also rollready.dnsops.gov.

• Operational Notification: KSK-2010 will be retired from the root zone, potentially affecting validating resolvers--kb.isc.org/docs/aa-01529

• DNSSEC – Root Zone KSK Rollover--suse.com

• [SingCERT] Technical Advisory on DNSSEC Root Zone Key Signing Key Rollover--csa.gov.sg

The DNS Root Zone KSK rollover is happening this week!
See how ready the Internet is. https://t.co/IPMhpOwlIg#KSKroll #DNSSEC pic.twitter.com/Xp4mB1oJ1n

— APNIC (@apnic) October 8, 2018

Operational Plans for the Root KSK Rollover | ICANN.org: the current operational plans for 2018 are:

• 2018 KSK Rollover Operational Implementation Plan – Describes in detail the remaining operational steps to accomplish the root KSK rollover.
• 2018 KSK Rollover Back Out Plan – Describes anticipated deviations from the Operational Implementation Plan based on anomalies occurring while executing the operational plan.
• 2018 KSK Rollover Monitoring Plan – Describes the plan to monitor the effects of changing the trust anchor for the root zone in the traffic towards root servers.
• 2018 KSK Outreach Plan – Describes how ICANN will publicize the roll in order to have resolver operators better prepared.
• Steps of the KSK Roll Already Performed in 2017 – Describes what already took place in 2017 preparing for the KSK roll.

Tweets by ISOCtech

feedback & comments via twitter @DomainMondo
Follow @DomainMondo

DISCLAIMER

ICANN61 San Juan, Puerto Rico: GAC Communique & ICANN61 Tweets

Editor's note: ICANN61 ended in San Juan, Puerto Rico, on Thursday, March 15. Below is the GAC Communique issued March 15 by the Governmental Advisory Committee (GAC), as well as a selection of tweets courtesy of @sgdickinson.

1) ICANN 61 GAC Communique:

2) ICANN61 Report via Tweets

#ICANN61 Welcome Ceremony, Cherine Chalaby: the #ICANN Board is committed to acting, at all times, in the collective interest of all stakeholders and not in the single interest of a single stakeholder.

— Samantha Dickinson (@sgdickinson) March 12, 2018

#ICANN61 PublicForum 1, @icann_president: I have a lot of ideas, but I believe that as #ICANN CEO, the multistakeholder model isn’t something I should participate in. You, the community decide. I’m here to serve you.

— Samantha Dickinson (@sgdickinson) March 12, 2018

#ICANN61 Public Forum, Cherine Chalaby: there’s no way to completely de-risk the KSK rollover. Things will always break when you have a KSK rollover. But sometimes the risk of *not* doing the rollover is higher than the risk of doing it.

— Samantha Dickinson (@sgdickinson) March 15, 2018

#ICANN61 PublicForum 1, @JamilZahid: as chair of the NomCom, proposes that the currently non-voting, term-unlimited RSSAC and SSAC liaisons to the NomCom become full voting members of the NomCom and be term-limited.

— Samantha Dickinson (@sgdickinson) March 12, 2018

#ICANN61 Public Forum: the #metoo movement comes to #ICANN. A group of women from the community have documented experiences of harassment at ICANN meetings & will send the compilation to ICANN Board today (nobody called out by name in compilation).

— Samantha Dickinson (@sgdickinson) March 15, 2018

GDPR / WHOIS:

#ICANN61 Cross-Community on #GDPR, Cathrin Bauer-Bulst of @EU_Commission: the accreditation system for accessing non-public Whois remains the biggest missing piece of the puzzle. We need a temporary solution to go live in May while we work towards a permanent solution.

— Samantha Dickinson (@sgdickinson) March 12, 2018

#ICANN61 Cross-Community on #GDPR, @NickWenbanSmith: @Nominet hasn’t published email addresses for .uk domains for decades, and it’s not been a problem. There are 12 million .uk domains. Nominet only receives ~10 queries a month for non-public data on domains.

— Samantha Dickinson (@sgdickinson) March 12, 2018

#ICANN61 Cross-Community on #GDPR, @NickWenbanSmith: a reform of the basic principle of blanket worldwide publication of registrant data, with no checks and balances, was well overdue.

— Samantha Dickinson (@sgdickinson) March 12, 2018

FY19 ICANN Budget:

#ICANN61 @icann_president: The draft FY19 budget is a starting point that we expect the community to criticise. And we will take your criticisms into account. Ultimately, it’s the community that makes the final decisions about #ICANN’s budget.

— Samantha Dickinson (@sgdickinson) March 12, 2018

#ICANN61 Welcome Ceremony, Cherine Chalaby: #ICANN Board will consider ALL comments made to the public comment period on the draft FY19 budget.

— Samantha Dickinson (@sgdickinson) March 12, 2018

#ICANN61 Public Forum, Cherine Chalaby: #ICANN's funding levelling off doesn’t mean we should panic or worry. The question is how we can be effective in our spending. We need to strike a balance between fiscal responsibility & the ability for community to participate effectively.

— Samantha Dickinson (@sgdickinson) March 15, 2018

#ICANN61 GAC: Peru insists Communique not only document no. of GAC members present in San Juan but also total no. of GAC members, to show how participation is dropping & to send a message to the budget process about need for (more) funding for travel assistance.

— Samantha Dickinson (@sgdickinson) March 14, 2018

CCWG-Accountability WS2 jurisdiction report:

#ICANN61 GAC, France: report of CCWG-Accountability’s Sub-Group on Jurisdiction took some viewpoints into consideration more than others. Feel the recommendations have not taken all positions into account. Therefore France also couldn’t approve the Jurisdiction recommendations.

— Samantha Dickinson (@sgdickinson) March 11, 2018

#ICANN61 GAC, Argentina & Portugal: like Brazil, also see the lack of anything addressing #ICANN’s jurisdiction in California as problematic, so also objected formally to the recommendations of the CCWG-Accountability’s Sub-Group on Jurisdiction.

— Samantha Dickinson (@sgdickinson) March 11, 2018

New gTLD .AMAZON:

#ICANN61 GAC, Brazil: after discussions at #ICANN60 on .amazon #newgTLD, Amazon sent a revised proposal to the govts concerned about their application. The govts r discussing it, haven’t yet reached conclusion, meet again on 27 March, with report planned by mid-April at latest.

— Samantha Dickinson (@sgdickinson) March 10, 2018

GAC vs ICANN Board re 2-letter country codes at second level:

#ICANN61 GAC, Brazil: Board’s 2016 decision to allow 2-letter registrations at 2nd level was a major change to previously existing way 2-letter country codes were managed at 2nd level. Board has not responded to procedural or substantive issues that GAC has raised about this.

— Samantha Dickinson (@sgdickinson) March 10, 2018

#ICANN61 GAC: Portugal, Argentina, China and France support Brazil’s intervention expressing dissatisfaction
with the way the #ICANN Board handled their decision to allow 2-letter registrations in 2nd level domains.

— Samantha Dickinson (@sgdickinson) March 10, 2018

#ICANN61 GAC, Singapore: supports Brazil’s intervention about the lack of due process regarding Board’s decision on 2-letter codes at 2nd level. Need to address this or similar incident could happen again.

— Samantha Dickinson (@sgdickinson) March 10, 2018

#ICANN61 GAC, Belgium: the Board’s decision to allow 2-letter registrations at the 2nd level has set a precedent - it set aside an established, agreed, procedure and has reduced trust in ICANN process.

— Samantha Dickinson (@sgdickinson) March 10, 2018

See also on Domain Mondo: News Review: ICANN61 March 10-15, San Juan, Puerto Rico (video of Public Forums, Board Meeting, ICANN Org Executive Team, and session on GDPR)

feedback & comments via twitter @DomainMondo
Follow @DomainMondo

DISCLAIMER

Internet DNS Root Stability, New gTLD Domains, ICANN Study RFP

UPDATE: The fragilista. Frequently found spending a lot of time in ICANN meetings, they prefer to tinker with things they do not understand rather than doing nothing. They tend to mistake the unknown for the nonexistent. They lack humility and respect for the first law of ecology: we can never do merely one thing. Any action we take results in some unwanted consequences. We should avoid small, immediate, and visible benefits that introduce the possibility for large (and possibly invisible) side effects. Less is more. When we mess with an existing (complex) system we’re intervening; we can never do merely one thing. According to Nassim Taleb, the problem with the fragilista is that they “make you engage in policies and actions, all artificial, in which the benefits are small and visible, and the side effects (are) potentially severe and invisible.” An example is ICANN's new gTLDs policy and program--

"... [that] does not mean that 'adding hundreds of new entries per year to the root is safe.' Our ability to survey the regions in which discontinuities may lie for one or more of the root zone management functions is limited to assessment of risk, not absolute conclusions about 'safety'... 'Any increase in the size or volatility of the root zone involves risk' ... --Root Scaling Study Report (pdf) on the Impact on the DNS Root System of Increasing the Size and Volatility of the Root Zone (7 September 2009) (emphasis added) 

ICANN foolishly decided to expand the generic top-level domains (gTLDs) from just 22 gTLDs to more than 1300 new gTLDs (new generic top-level domains), without taking necessary prudent precautions, and yet knowing that new gTLD domain names would "break stuff" and "fail to work as expected on the internet" and could negatively impact the stability or security of the entire Internet DNS. So now ICANN has decided to issue a RFP (request for proposal) to determine "the impact of the New gTLD Program on the DNS root system." Here's the ICANN announcement:

ICANN Root Stability Study RFP: "The Internet Corporation for Assigned Names and Numbers (“ICANN”) is seeking one or more providers to conduct a technical study examining the impact of the New gTLD Program (the Program) on the DNS root system. Consistent with its mission supporting the security and stability of the Internet’s system of unique identifiers, ICANN will undertake an examination of the Program’s impact on the DNS root system. The selected provider(s) will design and execute one or more studies incorporating the collection and analysis of data from root server operators, historical performance data, data gathered from previous studies, and other tools and measures. ICANN is seeking one or more qualified providers to manage this complex exercise in a timely and efficient manner. A review of the [New gTLDs] Program for security and stability impact is a previous commitment based on advice from ICANN’s Governmental Advisory Committee [GAC] and other discussions. Specifically, ICANN committed to review the effects of the New gTLD Program on the operations of the DNS root system, and to postpone delegations in a future round until it is determined that the delegations in the 2012 round have not jeopardized the root system's security or stability.

"The goals of this study include, at a minimum:

• Executing a thorough review of the impact of the Program on the security and stability of the DNS.
• Identifying what steps, if any, should be undertaken as a prerequisite to adding more TLDs to the root zone.
• Identifying what steps, if any, should be undertaken by the community going forward to assess the state of the root zone on an ongoing basis.

"For additional information, complete timeline, and instructions for submitting responses please click. [ZIP, 983 KB] Proposals should be submitted to RootStabilityStudy-RFP@icann.org by 23:59 UTC on 2 July 2015." (emphasis added)

The real question is whether ICANN will hire a professional and competent firm and allow it to assess and make determinations without undue influence or interventions from self-interested, self-serving "stakeholders" of the new gTLD domain names industry or its ICANN sycophants?

See also on Domain Mondo:

• New gTLD Domain Names, Defects, ICANN Liability, FTC Complaints
• ICANN, IANA functions, Ultimate Mechanism of Accountability, A New Root
• ICANN, IANA Functions, Internet DNS Root, Root Server Operators
• ICANN Admits New gTLDs Compromise Internet Stability and Security

Follow @DomainMondo