|
|
Line 1: |
Line 1: |
| '''TCR''' or '''Trusted Community Representative''' is a term given by [[ICANN]] to those who hold the keys to [[DNSSEC]] of Internet. Every TCR has been given a part of the master key. The first key signing ceremony took place on 16th June 2010. [[ICANN]] has taken this decision to avoid any terrorist attack or any other catastrophic event on the Internet. If it ever happened, the TCRs will meet at one place, generate a master key and will reboot the [[DNS]]. They are not rebooting the entire Internet, as many news outlets have stated, but rather rebooting the DNSSEC protocols, implemented in 2010, that protect the DNS.<ref>[http://www.technewsdaily.com/845-internet-key-holders-are-insurance-against-cyber-attack.html Internet Keyholders are Insurance against Cyber-Attack, TechNewsDaily.com]</ref> There are twenty-one TCRs selected by [[ICANN]] around the globe.<ref>[http://www.root-dnssec.org/tcr/ Root-DNSSEC]</ref><ref>[http://www.eweekeurope.co.uk/news/briton-holds-key-to-rebooting-the-internet-8670 eWeekEurope]</ref> | | '''TCR''' or '''Trusted Community Representative''' is a term given by [[ICANN]] to those who participate in ceremonies that manage the DNS Root Key Signing Key. The Root Key Signing Key is central to implementing [[DNSSEC]] for the Internet. Every TCR has been given credentials that are used to interact with the master key during key signing ceremonies. The first key signing ceremony took place on 16th June 2010. |
|
| |
|
| Every TCR is given two identical copies of a smartcard, sealed in a tamper-evident bag, that contain encrypted parts of the root DNSSEC key.
| | [[ICANN]] uses the participation of TCRs to ensure trust in the process of managing the Root Key Signing Key. In normal operations, ICANN is unable to utilise the Root Key Signing Key without the participation of a number of TCRs called "Cryptographic Officers" to unlock the cryptographic devices that contain the private key. In a disaster-recovery scenario, another set of TCRs called "Recovery Key Share Holders" are needed to decrypt backups of private key. |
| ==Current TCRs==
| |
| ===Main TCRs===
| |
| There are seven main recovery key share holders, five of them are needed to meet in a secure location in the US should the DNS falter. This set-u also effectively prevents any one single person from turning DNSSEC on or off.<ref>[http://www.technewsdaily.com/845-internet-key-holders-are-insurance-against-cyber-attack.html Internet Keyholders Insurance Against Cyber-Attack, TechNewsDaily.com]</ref> The seven main representatives are:<ref>[https://www.dnssec-deployment.org/index.php/2010/06/icann-names-trusted-community-representatives/ DNSSEC-Deployment]</ref>
| |
| | |
| * [[Bevil Wooding]], Trinidad Tobago
| |
| * [[Dan Kaminsky]], USA
| |
| * [[Jiankang Yao]], China
| |
| * [[Moussa Guebre]], Burkina Faso
| |
| * [[Norm Ritchie]], Canada
| |
| * [[Ondřej Surý]], Czech Republic
| |
| * [[Paul Kane]], UK
| |
| | |
| ===Crypto Officers for the US East Coast Facility===
| |
| [[ICANN]] selected backup members as well. They are:
| |
| | |
| * [[Alain Aina]], BJ
| |
| * [[Anne-Marie Eklund Löwinder]], SE
| |
| * [[Federico Neves]], BR
| |
| * [[Gaurab Upadhaya]], NP
| |
| * [[Olaf Kolkman]], NL
| |
| * [[Robert Seastrom]], US
| |
| * [[Vinton Cerf]], US
| |
| | |
| ===Crypto Officers for the US West Coast Facility===
| |
| * [[Andy Linton]], NZ
| |
| * [[Carlos Martinez]], UY
| |
| * [[Dmitry Burkov]], RU
| |
| * [[Edward Lewis]], US
| |
| * [[João Luis Silva Damas]], PT
| |
| * [[Masato Minda]], JP
| |
| * [[Subramanian Moonesamy]], MU
| |
| | |
| ===Backup Crypto Officers===
| |
| * [[Christopher Griffiths]], US
| |
| * [[Fabian Arbogast]], TZ
| |
| * [[John Curran]], US
| |
| * [[Nicolas Antoniello]], UY
| |
| * [[Rudolph Daniel]], UK
| |
| * [[Sarmad Hussain]], PK
| |
| * [[Ólafur Guðmundsson]], IS
| |
| | |
| ===Backup Recovery Key Share Holders===
| |
| * [[David Lawrence]], US
| |
| * [[Dileepa Lathsara]], LK
| |
| * [[Jorge Etges]], BR
| |
| * [[Kristian Ørmen]], DK
| |
| * [[Ralf Weber]], DE
| |
| * [[Warren Kumari]], US
| |
| | |
| ==References==
| |
| {{reflist}}
| |
|
| |
|
| | * [https://www.iana.org/dnssec/tcrs/ List of Trusted Community Representatives] |
|
| |
|
| __NOTOC__ | | __NOTOC__ |
|
| |
|
| [[Category:Glossary|TCR]] | | [[Category:Glossary|TCR]] |
TCR or Trusted Community Representative is a term given by ICANN to those who participate in ceremonies that manage the DNS Root Key Signing Key. The Root Key Signing Key is central to implementing DNSSEC for the Internet. Every TCR has been given credentials that are used to interact with the master key during key signing ceremonies. The first key signing ceremony took place on 16th June 2010.
ICANN uses the participation of TCRs to ensure trust in the process of managing the Root Key Signing Key. In normal operations, ICANN is unable to utilise the Root Key Signing Key without the participation of a number of TCRs called "Cryptographic Officers" to unlock the cryptographic devices that contain the private key. In a disaster-recovery scenario, another set of TCRs called "Recovery Key Share Holders" are needed to decrypt backups of private key.