DNSSEC Keysigning Ceremony Postponed Because of Locked Safe
2020-02-14 12:07

Only specific named people are allowed to take part in the ceremony, and they have to pass through several layers of security - including doors that can only be opened through fingerprint and retinal scans - before getting in the room where the ceremony takes place.

One safe holds a hardware security module that contains the private portion of the KSK. The module is activated, allowing the KSK private key to sign keys, using smart cards assigned to the ceremony participants.

Once the ceremony is complete - which takes a few hours - all the pieces are separated, sealed, and put back in the safes inside the secure facility, and everyone leaves.

As soon as they discovered the problem, everyone involved, including those who had flown in for the occasion, was told that the ceremony was being postponed.

Thanks to the complexity of the problem - a jammed safe with critical and sensitive equipment inside - they were told it wasn't going to be possible to hold the ceremony on the back-up date of Thursday, either.


News URL

https://www.schneier.com/blog/archives/2020/02/dnssec_keysigni.html