Root Zone KSK Rollover Plan

Author
Internet Corporation for Assigned Names and Numbers

The report outlines a series of recommendations for changing the DNSSEC root zone Key Signing Key (KSK). The process of changing the KSK means generating a new cryptographic public and private key pair and distributing the new public component to parties including Internet service and other DNS resolver operators, DNS resolver software developers, integrators, and distributors. The KSK is used to cryptographically sign the Zone Signing Key, which is used to sign the root zone of the Domain Name System.

Share on FacebookTweet