Review of Trusted Community Representation in Root Zone DNSSEC Key Signing Ceremonies
Comments are welcome on any aspect of the consultation, and specifically on the following questions: I am one of the Trusted Community Representatives acting as Crypto Officer for the US West Coast Facility [1].1. Is the current TCR model effectively performing its function of ensuring trust in the KSK management process? The short answer is yes. All the Key ceremonies up to now have been completed without significant problems. The post-ceremony discussions were the practice followed by US West Coast Facility Crypto Officers before it was formalized by ICANN. It has contributed to improvements in the formal script for predictability and to increase the transparency of the process.During a public discussion in a non-ICANN venue there was a question about whether coercion was taken into consideration in the threat model for the KSK management process. It is a matter for ICANN to address if it believes that it is an issue. 2. Is the current size of the TCR pool appropriate to ensure sufficient participation in the ceremonies, while not overburdening the availability of specific volunteers? The current size of the TCR pool seems adequate. The difficulty in getting at least four Crypto Officers at the US West Coast Facility can be attributed to lack of funds for travel. The above question mentions participation in theceremonies instead looking at what is necessary for the successful completion of the ceremonies. There is the question of logistics, i.e. will the CryptoOfficers encounter unpredictable air travel difficulties. There is the question of whether there may be technical difficulties during a ceremony which are outside the control of the Crypto Officers or the ICANN personnel participating in the ceremony.3. Should there be a minimum level of participation required of a TCR in order to be considered to be successfully discharging their duties? It is mentioned in the ICANN TCR Proposal [1] that: "The basic responsibilities of a TCR in the role of Crypto Officer require amaximum commitment of time of roughly equivalent to two days, four (4) times a year at Key ceremonies." As Crypto Officer I believe that the commitment is to be taken seriously andthat I am personally accountable to the wider Internet community for the duties I perform. I am not aware of any concerns raised by ICANN or anyone else about my level of participation. I consider it as my responsibility to verify that the ceremony material I have physical access to has not been tampered with. It is not possible to do that without a minimum level of participation.4. There is no standard provision to refresh the list of TCRs except when they are replaced due to inability to effectively perform their function. Should there be a process to renew the pool of TCRs, such as using term limits or another rotation mechanism? As far as I am aware there isn't any mechanism to assess whether the TCRs are performing their functions effectively.On one hand a Crypto Officer may be expected to act with candor and provide an honest assessment; on the other hand, ICANN might take adverse action if the assessment does not suit its interests.It is worthwhile to start thinking about a process to address the question of
renewal of the pool of TCRs.
From the Consultation document [3]:
"Since July 2010, the DNS Root Zone has been secured using DNSSEC."
There is a reference to http://www.root-dnssec.org/. That web site does not
contain an up-to-date list of TCRs. A "Root Zone DNSSEC KSK
Ceremonies Guide"
is available at http://www.root-dnssec.org/documentation/ That document is listed as a draft. I suggest publishing a final version of the document as it is useful to gain an understanding of the Key ceremony.5. The current model does not compensate TCRs for their services in order to ensure their independence from ICANN. a. Should the model of TCRs paying the costs of their participation be retained? b. Would some form of compensation to offset the expenses incurred by the TCRs
detract from their independence in performing the role?
c. If you support compensating TCRs for their expenses, are there
requirements
or limitations on whom the funding organization should be?
I was unable to attend the key ceremony held in February 2012 due to lack of
funding. I informed ICANN accordingly.
The travel expenses incurred by a person from a far away country to attend
the Key ceremony in the United States is comparatively much higher than for
a person from North America. It is very difficult to find a funding
organization which will volunteer to offset the expenses.
I don't think that the current model (question 5 (a)) is viable in
the long term.
I gather that the word "independence" in question 5(b) refers to "integrity, objectivity, and intelligence, with reputations for sound judgment and open minds;". Quoting the Consultation document [3]:"Each ceremony is attended by ICANN staff, the TCRs, representatives of the
Root Zone Maintainer (Verisign), representatives of an independent audit
firm retained by ICANN to monitor the process, and often
additional external
witnesses."
The audit firm retained by ICANN to monitor the process is
considered as being
independent even though it receives a remuneration. It is an insincereargument if it is considered that offsetting the expenses of a Crypto Officer qualifies as lack of integrity. It is unrealistic to require "broadest cultural and geographic diversity consistent with meeting the other criteria" [2] if ICANN does not take into account the expenses incurred by people who do not have the means to face that financial burden.In response to question 5(c) I suggest that ICANN takes into consideration whether the funding organization will be held accountable for the disruption to a Key ceremony if the organization does not act in a timely manner. It is discouraging to see that asking ICANN to cover the cost of the airline ticket and a cheap hotel might be viewed as detracting Crypto Officers from their independence in performing their role. S. Moonesamy 1. http://www.root-dnssec.org/tcr/selection-2010/2. http://www.root-dnssec.org/wp-content/uploads/2010/04/ICANN-TCR-Proposal-20100408.pdf 3. http://www.icann.org/en/about/staff/security/tcr-dnssec-key-signing-21jan14-en.pdf |