Trusted Community Representative Roles
This document explains the various roles performed by trusted community representatives and the general expectations for the activities each role involves. The Cryptographic Officer (CO) and Recovery Key Share Holder (RKSH) roles are formally defined in our DNSSEC Practice Statement (DPS).
Cryptographic Officer
Cryptographic Officers play an important role in routine management of the Root Zone KSK. They attend regularly scheduled key signing ceremonies, and bring to the ceremony a safety deposit box key. This key is used in the ceremony to access credentials used to perform signing operations. While attending the ceremonies, the Cryptographic Officers witness the ceremony — providing feedback during the ceremony, and attesting back to the community at large that the ceremonies were conducted in a proper fashion. Between ceremonies, they are responsible for keeping their key safe and secure.
Primary Obligations
Volunteers for the CO position should plan to make the following commitments to the role.
Frequency (approx.) | Task |
---|---|
1-2 times per year | Travel to a key ceremony at one of our two KMFs, performing the role of CO during a regularly scheduled key ceremony. |
At all times | Maintain valid travel documentation (such as a valid passport, and US entry visa if necessary) that would allow for travel to a KMF at short notice. |
Every 5 years | Provide required documentation to allow background checks to be performed to meet the controls described in the DPS. |
At all times | Immediately report any activity that may have compromised the security of their safety deposit box key. |
Rare | In the unexpected event of a serious emergency, be able to travel to a KMF for an emergency key ceremony at short notice (it is expected such ceremonies will be conducted approximately 48-72 hours after being announced). |
Upon retirement | Attend a final ceremony to securely transfer credentials to successor. |
Recovery Key Share Holder
The primary role of a Recovery Key Share Holder is to maintain secure custody of a smart card, which needs to be presented at one of our KMFs in the event of a catastrophic disaster. These smart cards are used to decrypt backups of the KSK should there be a widespread failure of our production systems.
An RKSH does not need to attend regular ceremonies. After their initial induction, their main involvement is when an emergency reconstruction of the KSK needs to occur. As part of our routine validation processes, we may recall an RKSH from time to time to test that their card is still functioning correctly.
Primary Obligations
Volunteers for the RKSH position should plan to make the following commitments to the role.
Frequency (approx.) | Task |
---|---|
Initially | Attend a ceremony to be issued with credentials for safekeeping (either through a generation event, or through documented hand-off from another RKSH). |
At all times | Maintain valid travel documentation that would allow for travel to a KMF at short notice. |
Annually | Provide evidence of the safe custody of the materials (i.e. TEB and card) along with attestation. |
Rare | In the unexpected event of a serious emergency, be able to travel to a KMF for an emergency key ceremony at short notice (it is expected such ceremonies will be conducted approximately 48-72 hours after being announced). |
Every 5 years | Provide required documentation to allow background checks to be performed to meet the controls described in the DPS. |
Every 5 years | Travel to a key ceremony to either validate the function of the materials or update the cards. |
Upon retirement | Attend a final ceremony to safely transfer credentials to successor. |
Backup TCR
In addition to the CO and RKSH roles, a pool of interested candidates is maintained so that should a CO or RKSH need to step down from their role, pre-vetted individuals are available to step into those roles.
Primary Obligations
Volunteers in the Backup TCR pool need to make the following commitments.
Frequency (approx.) | Task |
---|---|
At all times | Maintain valid travel documentation that would allow for travel to a KMF at short notice. |
At all times | Notify us if no longer eligible or able to step into the role of RKSH or CO. |
Annually | Re-affirm ongoing eligibility and availability to step into a TCR role as required. |
Every 5 years | Provide required documentation to allow background checks to be performed to meet the controls described in the DPS. |