Deploy360 Domain Name System Security Extensions (DNSSEC)

Watch LIVE at 1:00pm US EDT today – ICANN's DNSSEC Key Signing Ceremony XV

icann-at-15-logoIn about 15 minutes, at 1:00pm US EDT, you can watch live as members of the DNS/DNSSSEC community engage in a “Key Signing Ceremony” that will result in the generation of new keys used for managing DNSSEC at the root of the Domain Name System (DNS).  The live stream will be at:

The schedule, list of attendees and other information can be found at:

The ceremony begins at 1:00pm and is scheduled to end at 4:00pm US EDT. The script that is being followed during the ceremony is available at:

These documents may also be helpful in understanding what happens:

Essentially what is going on is the creation and signing of new “zone-signing keys (ZSKs)” that are being signed by ICANN’s “key-signing key (KSK)” and then deployed by the ZSK operator.

As you will see if you watch, there is a very specific process that is used to ensure the integrity and security of the key signing process.  It is all documented and then archived so that there is full transparency about what goes on.

If you are interested in understanding how DNSSEC works at an operational level, you may find watching today quite informative. If you are unable to watch the stream live, it will be recorded and made available from the archive link for this 15th key signing ceremony.  (And as these key signing ceremonies happen quarterly, the next will be along in just a few months.)