In response to public consultation - Review of Trusted Community Representation in Root Zone DNSSEC Key Signing Ceremonies
To whom it may concern. I serve as one of the current TCR's of the west coast, and probably holding the record of "number of ceremonies attended". I would like to make some comments on the consultation. First of all I appreciate the initiative, I believe it is important to have this kind of review made after a number of years, even though we all contribute to make continuous improvements to the performance of each ceremony. 1. Is the current TCR model effectively performing its function of ensuring trust in the KSK management process? Yes, I believe it is. The process is open and transparent, and the people attending carefully selected for having gained trust from different parts of the global internet community. 2. Is the current size of the TCR pool appropriate to ensure sufficient participation in the ceremonies, while not overburdening the availability of specific volunteers? The consultation paper states that as a key part of this process, "a minimum of three from a pool of 21 trusted community representatives (TCRs) attend each ceremony to enable access to the secure materials". In my opinion, this is not entirely true. First of all, there are more than 21 people in total involved and selected to perform different roles. Seven Crypto Officers for the US East Coast Facility Seven Crypto Officers for the US West Coast Facility Seven Recovery Key Share Holders In order to be able to replace people when needed there are also a number of backups appointed: Seven Backup Crypto Officers Six Backup Recovery Key Share Holders Today, one of the backup crypto officers has been replacing an East Coast TCR who wanted to step down, meaning that there are now six Backup Crypto Officers left. Given that the TCRs credentialed as crypto officers for each of the two facilities are not able to fill in for each other, as the credentials covers either the west coast facility or the east coast facility, the number might be a bit on the low side, since the ideal number attending the ceremony is at least 4 Crypto Officers on each ceremony. The number could be increased to at least eight TCR's per site. I wouldn't mind to bring in someone from the backup Crypto Officers to become regular. The number of backups seems to be unreasonably high, since they very rarely are called for. 3. Should there be a minimum level of participation required of a TCR in order to be considered to be successfully discharging their duties? Yes, I am convinced that it is important to attend regularly, at least once a year, to keep up the skills and knowledge, carefully observing and auditing as well as more directly contribute to the performance of the ceremony. Another important issue is to check on the credentials to verify that they haven't been accessed and tampered with. In order to do that, you need to be there, physically. 4. There is no standard provision to refresh the list of TCRs except when they are replaced due to inability to effectively perform their function. Should there be a process to renew the pool of TCRs, such as using term limits or another rotation mechanism? There seems to be a process for replacing a TCR that wants to step down, which has been exercised once so far. But there are no provisions at all for removing a TCR who hasn't been able to participate for a series of ceremonies. That will be needed if the decision is to have a required minimum level of participation. 5. The current model does not compensate TCRs for their services in order to ensure their independence from ICANN. a. Should the model of TCRs paying the costs of their participation be retained? It might be difficult to find new TCRs willing to arrange for their own costs, now when the excitement about the root signing has come down to a more normal level. This is operations as usual, and should be carefully performed. b. Would some form of compensation to offset the expenses incurred by the TCRs detract from their independence in performing the role? No, not from my point of view. The TCR's were selected through quite a strict procedure, and from my opinion our integrity should be a enough to guarantee our independence. c. If you support compensating TCRs for their expenses, are there requirements or limitations on whom the funding organization should be? No, as long as the terms and conditions are open and transparent, I don't think so. Representing a ccTLD, I find it extremely important that this procedure is taken care of with a very high level of trust and professionalism. Kind regards, Anne-Marie Eklund Löwinder Chief Information Security Officer .SE (The Internet Infrastructure Foundation) Direct: +46(8)-452 35 17 | Mobile: +46(73)-43 15 310 Twitter: @amelsec Mail: PO Box 7399, SE-103 91 Stockholm, Sweden Visitors: Ringvägen 100 https://www.iis.se/en/ Attachment:
PGP.sig |