[kictanet] [Fwd: Signing of the ARPA zone]

JM Okech okechjr at yahoo.com
Mon Mar 22 09:56:47 EAT 2010 

Sorry Michuki, Listers,
Just wondering .... from the document that you directed us together with the content of your mail it appears like we only have 12 root servers. My undersstanding that we have 13 root servers (interms of the allowable IP address) kindly clarify this....


BFN  
Okech JMMy blog

--- On Wed, 3/10/10, Michuki Mwangi <michuki at swiftkenya.com> wrote:


From: Michuki Mwangi <michuki at swiftkenya.com>
Subject: [kictanet] [Fwd: Signing of the ARPA zone]
To: okechjr at yahoo.com
Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
Date: Wednesday, March 10, 2010, 9:20 PM


FYI

-------- Original Message --------
Subject: Signing of the ARPA zone
Date: Wed, 10 Mar 2010 13:13:46 -0800
From: Joe Abley <joe.abley at icann.org>
To: Joe Abley <joe.abley at icann.org>

Colleagues,

This is a technical, operational announcement regarding changes to the
ARPA top-level domain. Apologies in advance for duplicates received
through different mailing lists.

No specific action is requested of operators. This message is for your
information only.

The ARPA zone is about to be signed using DNSSEC. The technical
parameters by which ARPA will be signed are as follows:

KSK Algorithm and Size: 2048 bit RSA
KSK Rollover: every 2-5 years, scheduled rollover to follow RFC 5011
KSK Signature Algorithm: SHA-256
Validity period for signatures made with KSK: 15 days; new signatures
published every 10 days
ZSK Algorithm and Size: 1024 bit RSA
ZSK Rollover: every 3 months
ZSK Signature Algorithm: SHA-256
Authenticated proof of non-existence: NSEC
Validity period for signatures made with ZSK: 7 days; zone generated and
re-signed twice per day

The twelve root server operators [1] will begin to serve a signed ARPA
zone instead of the (current) unsigned ARPA zone during a maintenance
window which will open at 2010-03-15 0001 UTC and close at 2010-03-17
2359 UTC. Individual root server operators will carry out their
maintenance at times within that window according to their own
operational preference.

The trust anchor for the ARPA zone will be published in the ITAR [2],
and in the root zone in the form of a DS record once the root zone is
signed.

If you have any concerns or require further information, please let me know.

Regards,


Joe Abley
Director DNS Operations, ICANN

[1] <http://www.root-servers.org/>
[2] <https://itar.iana.org/>



_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

This message was sent to: okechjr at yahoo.com
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/okechjr%40yahoo.com



      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20100321/c58cc0e6/attachment.htm>

More information about the KICTANet mailing list