[council] FW: Trusted Community Representatives

["Gomes, Chuck" <cgomes@xxxxxxxxxxxx>]

Please note the request for provisional Trusted Community Representatives 
(TCRs) for the root key generation and signing ceremonies : 
http://www.icann.org/en/announcements/announcement-12apr10-en.htm 
<http://www.icann.org/en/announcements/announcement-12apr10-en.htm>  .  And 
especially note the very short window for expressions of interest : Friday, 23 
April.

Please distribute this in your respective groups immediately.

Thanks, Chuck


________________________________

From: Glen de Saint Géry [mailto:Glen@xxxxxxxxx] 
Sent: Friday, April 16, 2010 5:13 PM
To: Olga Cavalli; Gomes, Chuck; Stéphane Van Gelder
Cc: gnso.secretariat@xxxxxxxxx
Subject: FW: Trusted Community Representatives 





======================================================

Message from Doug Brent

Dear Chairpersons of the ICANN Supporting Organizations and Advisory Committees:
 
As you know, ICANN (as the IANA functions operator) is working jointly with 
VeriSign (as the root zone maintainer) in the process of making the root of the 
DNS more secure through the implementation of DNSSEC. As part of this joint 
effort with the US Department of Commerce, ICANN will seek on a provisional 
basis the participation of a number of persons to participate in the root key 
generation and signing ceremonies.  These persons are called Trusted Community 
Representatives ("TCRs"). 
 
The TCRs will be chosen by ICANN based on Statements of Interest from the 
Internet community. The initial TCR selection will be on a provisional basis, 
to determine the viability of the approach based upon the first initialization 
of the Hardware Security Modules (HSMs) and key generation that are scheduled 
to take place in June of this year.   
 
There are two types of TCRs - a "Crypto Officer" and a "Recovery Key Share 
Holder".  A Crypto Officer participates in activating (enabling) the HSM 
containing the private half of the DNSSEC root Key Signing Key (KSK) before 
that module may be used for cryptographic operations.  Seven (7) individuals 
are designated for each ICANN-operated secure KSK facility, with one facility 
located on the U.S. East Coast and another facility on the U.S. West Coast, for 
a total of 14 Crypto Officers.  It is expected that each TCR will be required 
to travel to either the US East or West Coast ICANN KSK facility up to four (4) 
times a year.  
 
A Recovery Key Share Holder is responsible for protecting a part of a key used 
to encrypt backup copies of the HSM contents.  Each share holder is responsible 
for keeping a smart card (in a tamper-evident bag) in a bank safe deposit box 
accessible by them.  Seven (7) individuals are required.  After HSM 
initialization, the share holder is not expected to participate in any 
scheduled ceremonies, but must be able to travel to an ICANN KSK facility in 
the US on relatively short notice at any time when requested.  Share holders 
must participate in the annual inventory by providing proof of possession of 
their smart card.  
 
As leaders of the ICANN community, we would like to ask you to help communicate 
this opportunity to qualified individuals to serve as TCRs.  We intend to 
select individuals that are committed to the security of the DNS and, as much 
as possible, reflect geographic diversity. Qualified candidates should be 
knowledgeable about the technical functions for which ICANN has 
responsibilities. 
 
For an individual to be considered, he or she must submit a Statement of 
Interest following the application procedures that are to be published on the 
ICANN and http://www.root-dnssec.org/tcr/ websites.  Based on these 
submissions, ICANN will select 21 TCRs along with a reserve list of candidates 
for use as replacements if needed.  For more information about the TCR program 
and the application and selection process, please visit 
http://www.root-dnssec.org .
 
TCRs will serve an important function in enhancing the security  of the DNS and 
to the greatest extent possible should reflect the diverse makeup of the ICANN 
community.  Please help us communicate this need.
 
Thank you in advance for your help and consideration.  If you have any 
questions, please let me  know.
 

Thanks,
Doug
-- 
Doug Brent
Chief Operating Officer
ICANN
Voice: +1 310.301.3871
Mobile: +1 650.996.4447
Fax: +1 310.823.8649