Public Comment

Name: Burt Kaliski
Date: 4 Dec 2023
Affiliation: VeriSign, Inc.

Other Comments

n/a

Summary of Attachment

The attachment is in addition to completing the form

Summary of Submission

The Domain Name System Security Extensions (DNSSEC) have enabled resolvers, applications and other relying parties to validate DNS data for more than a decade. During that time, following recommended practices for cryptography, DNSSEC key signing and zone signing keys have been updated at various frequencies throughout the DNS hierarchy, including the root, and DNSSEC signature algorithms have been changed occasionally as well, with the first such change at the root now under review.

ICANN’s leadership has been instrumental throughout these changes, from the 2010 rollout of DNSSEC at the root to the first root zone KSK rollover in 2018 to the planning for this algorithm rollover.

Verisign supports the recommendations in the report and appreciates the opportunity to contribute to its development in our role as the Root Zone Maintainer. As the report text is necessarily limited in scope, we also wanted to offer additional observations in three areas that may be helpful in providing broader context for the use of the report: (1) On Mitigating Potential Instability; (2) Outreach to Applications Using DNSSEC Trust Chains; and (3) Preparing for Post-Quantum Cryptography.

We encourage continued, data-driven community engagement to prepare for the root zone algorithm rollover and look forward to delivering on the eventual algorithm rollover, further strengthening DNSSEC for the long term.