How does the ICANN Key Ceremony Work?
Saw an amazing thread on twitter from Kim Davies, bio: Internet tinkerer · Chief parameter wrangler @theiana @icann
Also recommend to read his blog, https://kimdavies.com/key-ceremony-primer
What are key ceremonies?
Every three months when the key signing key is applied to other keys, it needs to be done in a way that proves the key signing key is not tampered with, and is not used for any other purposes. To accomplish this, a very public event is held called a “key ceremony”. At this ceremony, experts attend from around the world to use the key signing key, and examine each step of the process to ensure it is done correctly. The whole process is recorded, live-streamed, and watched by independent auditors.
From his epic twitter thread:
Kim Davies @kjd Nov 4, 2022
Each ceremony is primarily tasked with generating 3 months worth of cryptographic signatures used to verify the authenticity of the root zone. Today signatures were successfully generated that will validate the root zone during January-March 2023.
Seven trusted community representatives, or “keyholders”, play an important part in overseeing how ceremonies are conducted. Many have filled the same role for 12 years. Today two retired and passed on the baton.
Anne-Marie Eklund Löwinder (@amelsec) and Alain Aina (@65db9ffd8997492), recognized experts from Europe and Africa who have served since 2010, stepped down as trusted community representatives.
In their place, Dileepa Lathsara and Pia Gruvö were inducted as new trusted community representatives who will help oversee future ceremonies.
Ceremonies are also opportunities to do necessary maintenance. Today some superseded equipment was decommissioned. This is done during a ceremony so there is full visibility and oversight into the work being conducted.
As always, ceremonies are held with maximum transparency. The ceremony was live streamed, and all the artifacts, including audit footage, will be available in the coming days. https://iana.org/dnssec/ceremonies/47
Why so transparent? To promote trust that the private key is properly managed. Given its role as the trust anchor for DNSSEC, maintaining confidence in it's operation is essential.
Other folks at today's ceremony illuminating the process included @packetpusher @DurvidImel @gruvopia @AdamLukas17 @andrespavez @ctg1701, as well as @DavidHuberman1, today's ceremony administrator.
This ceremony is likely the last with special COVID-19 mitigations in place. If circumstances permit, in 2023 we are planning for normal ceremony operations.
The next key signing ceremony is planned for the first week of February in El Segundo, California; not far from the Los Angeles headquarters of @ICANN
You can find a primer on how the ceremonies work and why they are performed this way at https://kimdavies.com/key-ceremony-primer
Finally, we're always looking for qualified people to be trusted community representatives. We're looking for diverse candidates from different regions and backgrounds.
Oversight works best when different perspectives and a variety of relevant skills are brought to the ceremony by trusted community representatives. Take a look at https://iana.org/tcr if you're interested or know someone who is a good fit.
If you are just curious and want to watch an admittedly dry ceremony, follow along online (https://youtube.com/@iana-org) or apply to attend in person (https://iana.org/help/key-ceremony-attendance)
Watch the Full 3 Hour Ceremony on Youtube Here
Blockchain Is About Replacing “Trust”
So my connection to Handshake and blockchain in general, is this is what is supposed to IMPROVE on the problem of trust.
Not streaming a 3 hour video on youtube of 7 key holders in a LA vault signing keys.
It is about 24/7 global trustless verification (proof of work) blockchain that can verify transactions and not need to have trusted parties gather in person.
This is why I felt more connected to Handshake than other web3 naming solutions there is an allocation to ICANN of HNS coin, and there is a plan to integrate the old web and the new web - JJ says it best at our first HandyCon here - soft fork of the internet.
Handshake welcomes ICANN and wants to bridge web2 and web3 together, seamlessly.