<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:HelveticaNeue;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks for this information, this means ISP should care about this rolling process “or DNS provider who does DNSSEC validation” !!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thnx<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">All the Best,
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Abdalmonem Tharwat Galila<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Deputy Manager, Dot Masr Registry</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Operation Sector.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img width="200" height="91" id="_x0000_i1033" src="cid:image001.jpg@01D1E782.8D3F36B0" alt="Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: Description: https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-ash4/268513_180152888707645_7698168_n.jpg"></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">National Telecommunication Regulatory Authority<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img width="12" height="12" id="Picture_x0020_9" src="cid:image002.png@01D1E782.8D3F36B0" alt="Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523405_telephone">
Office Tel.: +2 02 35341582 - +2 02 35341300<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img width="8" height="10" id="Picture_x0020_10" src="cid:image003.png@01D1E782.8D3F36B0" alt="Description: Description: Description: Description: Description: Description: Description: Description: Description: Mobile">
Mobile: +2 010 00049068 <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img width="12" height="12" id="Picture_x0020_11" src="cid:image004.png@01D1E782.8D3F36B0" alt="Description: Description: Description: Description: Description: Description: Description: Description: Description: ICON"> Fax
: +2 02 35370537<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img width="11" height="11" id="Picture_x0020_12" src="cid:image005.png@01D1E782.8D3F36B0" alt="Description: Description: Description: Description: Description: Description: Description: Description: Description: oNLINE">
Website : <a href="http://www.mcit.gov.eg/">http:\\www.mcit.gov.eg</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> :
<a href="http://www.mcit.gov.eg/">http:\\www.tra.gov.eg</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img border="0" width="10" height="10" id="Picture_x0020_13" src="cid:image006.png@01D1E782.8D3F36B0" alt="Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523294_email">
E-mail : <a href="mailto:agalila@mcit.gov.eg">agalila@mcit.gov.eg</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> :
<a href="mailto:atharwat@tra.gov.eg">atharwat@tra.gov.eg</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img border="0" width="11" height="11" id="Picture_x0020_7" src="cid:image007.png@01D1E782.8D3F36B0" alt="1447802547_skype"> Skype : abdalmonem.galila<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><img border="0" width="179" height="179" id="Picture_x0020_8" src="cid:image008.png@01D1E782.8D3F36B0" alt="static_qr_code_without_logo"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:red"><img border="0" width="26" height="26" id="Picture_x0020_14" src="cid:image009.png@01D1E782.8D3F36B0" alt="Description: Description: Description: Description: Description: Description: Description: Description: Description: 1365523469_error">DISCLAIMER<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> This e-mail and any files transmitted with it are
<b>confidential </b>and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify your system support manager. Please note that any views or opinions presented in this email
are solely those of the author and do not necessarily represent those of the <b>
National Telecom Regulatory Authority (NTRA) </b>. Finally, the recipient should check this email and any attachments for the presence of viruses. The NTRA accepts no liability for any damage caused by any virus transmitted by this email.</span><span style="font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> dns-wg [mailto:dns-wg-bounces@ripe.net]
<b>On Behalf Of </b>Matt Larson<br>
<b>Sent:</b> Tuesday, July 26, 2016 9:10 PM<br>
<b>To:</b> dns-wg@ripe.net<br>
<b>Subject:</b> [dns-wg] Plan documents for root KSK roll project now available<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">On Friday, July 22, in the interests of transparency and to notify the DNS operational community, ICANN posted <a href="https://www.icann.org/resources/pages/ksk-rollover#operational-plans">plans</a> to
roll the root zone key signing key (KSK). These plans were developed by the Root Zone Management Partners: ICANN in its role as the IANA Functions Operator, Verisign acting as the Root Zone Maintainer, and the U.S. Department of Commerce's National Telecommunications
and Information Administration (NTIA) as the Root Zone Administrator. The plans incorporate the <a href="https://www.iana.org/reports/2016/root-ksk-rollover-design-20160307.pdf">March 2016 recommendations</a> of the Root Zone KSK Rollover Design Team, after
it sought and considered <a href="https://www.icann.org/news/announcement-2013-03-08-en">public comment</a> on a proposed rollover process.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">The process of creating a new key, using it to sign the root DNSKEY RRset and securely destroying the old key will start in Q4 2016 and last until Q3 2018, though the portions resulting
in visible changes in DNS occur between Q3 2017 and Q1 2018. The important milestones in the project are:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">- October 26, 2016: The new KSK is generated in ICANN's U.S. East Coast key management facility (KMF).<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">- February, 2017: The new KSK is copied to ICANN's U.S. West Coast KMF and is considered operationally ready, and ICANN publishes the new key at <a href="https://data.iana.org/root-anchors/root-anchors.xml">https://data.iana.org/root-anchors/root-anchors.xml</a>.
(The exact date is dependent on the timing of the Q1 2017 key ceremony, which has not yet been scheduled.)<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">- July 11, 2017: The new KSK appears in the root DNSKEY RRset for the first time.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">- October 11, 2017: The new KSK signs the root DNSKEY RRset (and the old KSK no longer signs). <i>This date is the actual KSK rollover.</i><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">- January 11, 2018: The old KSK is published as revoked (per RFC 5011, "Automated Updates of DNS Security").<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-family:"HelveticaNeue","serif"">What you need to do</span></b><span style="font-family:"HelveticaNeue","serif""><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">If you operate any software performing DNSSEC validation (such as a security-aware recursive name server) that implements the RFC 5011 automated trust anchor update protocol and this functionality
is enabled, you have no action: your software will notice the new KSK (authenticated by the old KSK) and update its trust anchor store accordingly.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">If you operate any software performing DNSSEC validation that does not implement RFC 5011 or if you don't use the RFC 5011 protocol, you will need to update your software's trust anchor
configuration manually to add the new KSK <b>before October 11, 2017</b>. You can obtain the new KSK in February, 2017, using one of the methods described in the "Trust Anchor Publication" section of <a href="https://www.icann.org/en/system/files/files/ksk-rollover-operational-implementation-plan-22jul16-en.pdf">2017
KSK Rollover Operational Implementation Plan</a> (one of the aforementioned recently published plans).<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">If you write, package or distribute software that performs DNSSEC validation and you hard code the root KSK (e.g., in code or configuration files), you should update your software with the
new KSK when it becomes available in February, 2017.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-family:"HelveticaNeue","serif"">Staying informed</span></b><span style="font-family:"HelveticaNeue","serif""><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">ICANN will post occasional notices to various operational forums to keep the community informed of this project's progress, but we strongly suggest that anyone with an interest subscribe
to the <a href="https://mm.icann.org/mailman/listinfo/ksk-rollover">root KSK rollover mailing list</a> operated by ICANN (<a href="mailto:ksk-rollover@icann.org">ksk-rollover@icann.org</a>). The list is extremely low volume.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">The ICANN staff supporting and implementing the root KSK rollover project welcome your questions and comments: please direct them to the <a href="mailto:ksk-rollover@icann.org">ksk-rollover@icann.org</a> list.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif""><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">Matt<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">--<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"HelveticaNeue","serif"">Matt Larson<br>
VP of Research<br>
Office of the CTO, ICANN</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</body>
</html>