CommunityDNS CEO holds Recovery Key Share for ROOT Zone
(Bath University's Innovation Centre, UK - June 21, 2010)
Paul Kane, active in the computer networking industry for over 25 years, is CEO of CommunityDNS, Manager of multiple ccTLD Registries and Chair of the DNS Infrastructure Resilience Task Force (www.dir.org). Chosen by ICANN to serve as the Trusted Community Representative (TCR) from Western Europe, Paul is responsible for safe-guarding a share of the ROOT Zone's DNSSEC Recovery Key.
Seven TCR Recovery Key Share Holders are needed from around the world, and the TCRs are from Burkina Faso, Canada, China, the Czech Republic, Trinidad and Tobago, US and Paul from the UK. Each TCR is a respected member of the technical Domain Name System (DNS) community. The involvement of these independent participants provides transparency of process -- a successful key ceremony is only possible if the TCRs involved are satisfied that all steps were executed accurately and correctly.
The process of public TCR nomination resulted in over 60 candidates from the European region being considered by the selection panel, resulting in Paul being chosen. As a citizen of the United Kingdom, Paul traveled to a secure data centre location in the US to participate in the world's first DNSSEC Key Generation Ceremony for the ROOT Zone. The ROOT is the source of "all knowledge" for using the Internet's naming system.
Following the generation of the cryptographic Master Key it was split and exported to two sets of Recovery Key Shares. Two Recovery Key Shares (one from each set) were then placed in a tamper-evidence bag, one of which was handed to Paul Kane for safe keeping.
Notes for journalists
- DNSSEC is a new and enabling technology for a new range of services and applications, (yet to be developed) where there is a need for authentication of DNS data
- DNSSEC is likely to be used by a small number of "important" operators where the remote user needs to be able to verify (DNS Data) and establish they are communicating with the intended and legitimate party.
- DNSSEC is a "hook" on which other services can be developed.
- The purpose of the Trusted Community Representatives and Key Holders is to demonstrate that the DNSSEC disaster recovery plan has been well thought through and professionally executed by ICANN (which it has); has multiple levels of security where no single party can "control" (switch on/off) any part of the DNSSEC service.
- DNSSEC supplements the current insecure Internet, which will continue to be used by the majority of Internet users for day-to-day communication.
- The technical standards of DNSSEC have been developed over more than 10 years by volunteers participating in the "open to all" DNSSEC Working Group of the Internet Engineering Task Force (www.IETF.org - RFC 4033, RFC 4034, and RFC 4035).
Video describing the process: http://www.cdns.net/key-signing.html
Original Press Release (incl photos): http://www.cdns.net/DNSSEC-PR.pdf
We have a media recording suite in our offices for both Audio and Video with short set-up times.
For information about DNSSEC for the Root Zone - please see http://www.root-dnssec.org/
With offices in the US, the UK and Japan, CommunityDNS is the global Anycast provider whose network was engineered for security, optimized for speed and designed for resiliency. Successfully supporting over 120 million domain names from over 97 TLDs, CommunityDNS processes 25 billion queries per day. With security integral in the network's initial design, CommunityDNS was chosen to work in a study commissioned by the EU Commission's office of the Directorate General for Justice, Freedom and Security regarding Internet resiliency for the European Union. Fully supporting IPv6, DNSSEC and IDNs, CommunityDNS provides global DNS Anycast services, fully managed DNS platform services and DNS white-labeling.
More information regarding CommunityDNS may be found at http://www.cdns.net/facts.html