Please note the request for provisional Trusted Community Representatives (TCRs) for the root key generation and signing ceremonies : http://www.icann.org/en/announcements/announcement-12apr10-en.htm . And especially note the very short window for expressions of interest : Friday, 23 April.
======================================================
Message
from Doug Brent
Dear Chairpersons of the ICANN Supporting Organizations
and Advisory Committees:
As you know, ICANN (as the IANA functions
operator) is working jointly with VeriSign (as the root zone maintainer) in the
process of making the root of the DNS more secure through the implementation of
DNSSEC. As part of this
joint effort with the US Department of Commerce, ICANN will seek on a
provisional basis the participation of a number of persons to participate in the
root key generation and signing ceremonies. These persons are called
Trusted Community Representatives (“TCRs”).
The TCRs will be
chosen by ICANN based on Statements of Interest from the Internet community. The
initial TCR selection will be on a provisional basis, to determine the viability
of the approach based upon the first initialization of the Hardware Security
Modules (HSMs) and key generation that are scheduled to take place in June of
this year.
There are two types of TCRs – a “Crypto
Officer” and a “Recovery Key Share Holder”. A Crypto Officer participates
in activating (enabling) the HSM containing the private half of the DNSSEC root
Key Signing Key (KSK) before that module may be used for cryptographic
operations. Seven (7) individuals are designated for each ICANN-operated
secure KSK facility, with one facility located on the U.S. East Coast and
another facility on the U.S. West Coast, for a total of 14 Crypto Officers.
It is expected that each TCR will be required to travel to either the US
East or West Coast ICANN KSK facility up to four (4) times a year.
A Recovery Key Share Holder is responsible for protecting a
part of a key used to encrypt backup copies of the HSM contents. Each
share holder is responsible for keeping a smart card (in a tamper-evident bag)
in a bank safe deposit box accessible by them. Seven (7) individuals are
required. After HSM initialization, the share holder is not expected to
participate in any scheduled ceremonies, but must be able to travel to an ICANN
KSK facility in the US on relatively short notice at any time when requested.
Share holders must participate in the annual inventory by providing proof
of possession of their smart card.
As leaders of the ICANN
community, we would like to ask you to help communicate this opportunity to
qualified individuals to serve as TCRs. We intend to select individuals
that are committed to the security of the DNS and, as much as possible, reflect
geographic diversity. Qualified candidates should be knowledgeable about the
technical functions for which ICANN has responsibilities.
For an
individual to be considered, he or she must submit a Statement of Interest
following the application procedures that are to be published on the ICANN and
http://www.root-dnssec.org/tcr/
websites. Based on these submissions, ICANN will select 21 TCRs along with
a reserve list of candidates for use as replacements if needed. For more
information about the TCR program and the application and selection process,
please visit http://www.root-dnssec.org
.
TCRs will serve an important function in enhancing the security
of the DNS and to the greatest extent possible should reflect the diverse
makeup of the ICANN community. Please help us communicate this
need.
Thank you in advance for your help and consideration.
If you have any questions, please let me
know.
Thanks,
Doug
--
Doug Brent
Chief
Operating Officer
ICANN
Voice: +1 310.301.3871
Mobile: +1
650.996.4447
Fax: +1 310.823.8649