[kictanet] FW: Trusted Community Representatives: ICANN

alice at apc.org alice at apc.org
Thu Apr 22 23:08:40 EAT 2010


   Forwarded message:Message from Doug Brent.

As you know, ICANN (as the IANA functions operator) is working jointly with VeriSign (as the root zone maintainer) in the process of making the root of the DNS more secure through the implementation of DNSSEC. As part of this joint effort with the US Department of Commerce, ICANN will seek on a provisional basis the participation of a number of persons to participate in the root key generation and signing ceremonies.  These persons are called Trusted Community Representatives (“TCRs”). The TCRs will be chosen by ICANN based on Statements of Interest from the Internet community. The initial TCR selection will be on a provisional basis, to determine the viability of the approach based upon the first initialization of the Hardware Security Modules (HSMs) and key generation that are scheduled to take place in June of this year.    There are two types of TCRs – a “Crypto Officer” and a “Recovery Key Share Holder”.  A Crypto Officer participates in activating (enabling) the HSM containing the private half of the DNSSEC root Key Signing Key (KSK) before that module may be used for cryptographic operations.  Seven (7) individuals are designated for each ICANN-operated secure KSK facility, with one facility located on the U.S. East Coast and another facility on the U.S. West Coast, for a total of 14 Crypto Officers.  It is expected that each TCR will be required to travel to either the US East or West Coast ICANN KSK facility up to four (4) times a year.   A Recovery Key Share Holder is responsible for protecting a part of a key used to encrypt backup copies of the HSM contents.  Each share holder is responsible for keeping a smart card (in a tamper-evident bag) in a bank safe deposit box accessible by them.  Seven (7) individuals are required.  After HSM initialization, the share holder is not expected to participate in any scheduled ceremonies, but must be able to travel to an ICANN KSK facility in the US on relatively short notice at any time when requested.  Share holders must participate in the annual inventory by providing proof of possession of their smart card.   As leaders of the ICANN community, we would like to ask you to help communicate this opportunity to qualified individuals to serve as TCRs.  We intend to select individuals that are committed to the security of the DNS and, as much as possible, reflect geographic diversity. Qualified candidates should be knowledgeable about the technical functions for which ICANN has responsibilities. For an individual to be considered, he or she must submit a Statement of Interest following the application procedures that are to be published on the ICANN and http://www.root-dnssec.org/tcr/ websites.  Based on these submissions, ICANN will select 21 TCRs along with a reserve list of candidates for use as replacements if needed.  For more information about the TCR program and the application and selection process, please visit http://www.root-dnssec.org . TCRs will serve an important function in enhancing the security  of the DNS and to the greatest extent possible should reflect the diverse makeup of the ICANN community.  Please help us communicate this need. Thank you in advance for your help and consideration.  If you have any questions, please let me  know. Thanks,Doug--Doug BrentChief Operating OfficerICANNVoice: +1 310.301.3871Mobile: +1 650.996.4447Fax: +1 310.823.8649  ________________________________________
Sent from my BlackBerry® smartphone from Zain Kenya


More information about the KICTANet mailing list