Today the 47th Key Signing Ceremony for the DNS Root Zone was conducted in Culpeper, Virginia. What happened? In brief, everything that needed to. A thread... 
Each ceremony is primarily tasked with generating 3 months worth of cryptographic signatures used to verify the authenticity of the root zone. Today signatures were successfully generated that will validate the root zone during January-March 2023.
Seven trusted community representatives, or “keyholders”, play an important part in overseeing how ceremonies are conducted. Many have filled the same role for 12 years. Today two retired and passed on the baton.
Anne-Marie Eklund Löwinder (@amelsec) and Alain Aina (@65db9ffd8997492), recognized experts from Europe and Africa who have served since 2010, stepped down as trusted community representatives.
In their place, Dileepa Lathsara and Pia Gruvö were inducted as new trusted community representatives who will help oversee future ceremonies.
Ceremonies are also opportunities to do necessary maintenance. Today some superseded equipment was decommissioned. This is done during a ceremony so there is full visibility and oversight into the work being conducted.
As always, ceremonies are held with maximum transparency. The ceremony was live streamed, and all the artefacts, including audit footage, will be available in the coming days. iana.org/dnssec/ceremon…
Why so transparent? To promote trust that the private key is properly managed. Given its role as the trust anchor for DNSSEC, maintaining confidence in it's operation is essential.
Other folks at today's ceremony illuminating the process included @packetpusher @DurvidImel @gruvopia @AdamLukas17 @andrespavez @ctg1701, as well as @DavidHuberman1, today's ceremony administrator.
This ceremony is likely the last with special COVID-19 mitigations in place. If circumstances permit, in 2023 we are planning for normal ceremony operations.
The next key signing ceremony is planned for the first week of February in El Segundo, California; not far from the Los Angeles headquarters of @ICANN
You can find a primer on how the ceremonies work and why they are performed this way at kimdavies.com/key-ceremony-p…
Finally, we're always looking for qualified people to be trusted community representatives. We're looking for diverse candidates from different regions and backgrounds.
Oversight works best when different perspectives and a variety of relevant skills are brought to the ceremony by trusted community representatives. Take a look at iana.org/tcr if you're interested or know someone who is a good fit.
If you are just curious and want to watch an admittedly dry ceremony, follow along online (youtube.com/@iana-org) or apply to attend in person (iana.org/help/key-cerem…)
• • •
Missing some Tweet in this thread? You can try to
force a refresh
