Hello, For DNSSEC, the "DNSSEC Practice Statement (DPS) "provides authoritative information on Key management, facilities and many others….. For the root, the DPS for the Root Zone KSK Operator describes how PTI performs this role and the relationship to ICANN. For example section 1.3.1 says: ===== 1.3.1. Root Zone Manager Public Technical Identifiers (PTI) performs the management of the DNS Root Zone. This role includes accepting change requests to the contents of the Root Zone from the Top Level Domain (TLD) Operators and validating those requests. After validation occurs, implementation is performed by the Root Zone Maintainer. PTI is an affiliate of the Internet Corporation for Assigned Names and Numbers (ICANN), and performs these functions under an "IANA Naming Functions" contract from ICANN using the facilities, property and staff of ICANN under a service agreement. ========== https://www.iana.org/dnssec/dps/ksk-operator/ksk-dps.txt On another note, page 7 of the ICANN SSR framework FY15-16 seems very clear: ===== Within its technical mission, ICANN’s SSR role encompasses three categories of responsibilities: 1.ICANN’s operational responsibilities (organizational risk management of internal operations including L-root, DNS operations, DNSSEC key signing operations, IANA functions, new TLD operations, Time Zone Database Management); 2. ICANN’s involvement as a coordinator, collaborator and facilitator with the global community in policy and technical matters related to the Internet's unique identifiers; 3.ICANN's engagement with others in the global Internet ecosystem. ======= https://www.icann.org/en/system/files/files/ssr-framework-fy15-16-30sep16-en... Hope this helps —Alain
On Mar 20, 2017, at 11:27 PM, John L. Crain <john.crain@icann.org> wrote:
So I believe this question needs to go to either legal or finance as it pertains to where the ownership of the KMF sits, PTI vs ICANN etc
Karen, maybe you and I can go over the list of questions this week and route them to the correct folks internally?
I remember from the discussion that there were a couple of questions I could not give a definitive answer too as they fell outside my groups direct expertise.
John
Sent from my iPhone
On Mar 17, 2017, at 4:06 AM, James Gannon <james@cyberinvasion.net> wrote:
Apologies!
So the KMFs are the Key Management Facilities that are used to store and operate the extremely important set of private keys that sign the root zone of the internet for the DNSSEC. https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
You can see what the facilities look like and one of the high trust ceremonies being performed at https://www.iana.org/dnssec/ceremonies/28
They are one of the few physical facilities that have extremely high security requirements and it would be useful for the team to understand where the contract for management of the KMFs stands and did it transfer to PTI as part of the IANA transition, as when it comes to the DNSSEC and the Key Ceremonies we still have a lot of overlap.
-James
From: Emily Taylor <emily.taylor@oxil.co.uk> Date: Friday 17 March 2017 at 12:02 To: James Gannon <james@cyberinvasion.net> Cc: Karen Mulberry <karen.mulberry@icann.org>, SSR2 <ssr2-review@icann.org>, Eleeza Agopian <eleeza.agopian@icann.org>, Elise Gerich <elise.gerich@iana.org> Subject: Re: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Hi James
Thanks for this. Would you be able to spell out the acronyms for those members of the team who are less familiar with the ICANN environment?
Best wishes
Emily
On Fri, Mar 17, 2017 at 11:00 AM, James Gannon <james@cyberinvasion.net> wrote: Hi Karen,
Also just putting in writing my request for John from the SSR side or the PTI team to set out the ownership and responsibility matrix for the KMFs as requested in the meeting.
-james
From: <ssr2-review-bounces@icann.org> on behalf of Karen Mulberry <karen.mulberry@icann.org> Date: Friday 17 March 2017 at 10:36 To: SSR2 <ssr2-review@icann.org> Cc: Eleeza Agopian <eleeza.agopian@icann.org> Subject: [Ssr2-review] Action Item from the SSR2 15 March 2017 Plenary
Per your request, here are the contact details for the two vendors who presented in the afternoon plenary session.
SADAG researchers for the DNS Abuse Study
Maciej Korczyński: maciej.korczynski@tudelft.nl
Maarten Wullink: maarten.wullink@sidn.nl
TNO researcher for the Root Zone Study
Bart Gijsen at TNO: bart.gijsen@tno.nl.
For TNO, please let Eleeza Agopian <eleeza.agopian@icann.org> know if you would like to get in touch with TNO.
If you would like to arrange a longer discussion on either of the study’s on one of the SSR2 upcoming plenary calls, please let us know so arrangements can be made.
Karen Mulberry
Director, Multistakeholder Strategy and Strategic Initiatives (MSSI)
ICANN
12025 Waterfront Dr., Suite 300
Los Angeles, CA 90094
Phone: +1 424 353 9745
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
-- Emily Taylor CEO, Oxford Information Labs Associate Fellow, Chatham House; Editor, Journal of Cyber Policy
PLEASE NOTE MY NEW EMAIL ADDRESS AND CONTACTS AS OF 1 JANUARY 2017
Magdalen Centre, Oxford OX4 4GA | T: 01865 582885 E: emily.taylor@oxil.co.uk | D: 01865 582811 | M: +44 7540 049322
Registered office: 37 Market Square, Witney, Oxfordshire OX28 6RE. Registered in England and Wales No. 4520925. VAT No. 799526263
.
_______________________________________________ Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review
Ssr2-review mailing list Ssr2-review@icann.org https://mm.icann.org/mailman/listinfo/ssr2-review