ICANN publishes a draft timeline for the root zone Key Signing Key rollover.
ICANN has published a draft timeline for the rollover of the root zone key signing key (KSK) used in the Domain Name System Security Extensions (DNSSEC). As ICANN explains, rolling the KSK means generating a new cryptographic public and private key pair and distributing the new public component to parties who develop, distribute or operate validating resolvers. The KSK is used to cryptographically sign the Zone Signing Key (ZSK), which in turn is used to DNSSEC-sign the root zone of the Internet’s DNS. According to the timeline, the KSK rollover process is planned to begin in October 2016, while the insertion of the new KSK is expected in July 2017.