Key Ceremony Roles

There are a number of different roles for attendees of a key signing ceremony. This document provides an overview of what each of these roles does.

Formal ceremony roles

Role Responsibility
Ceremony Administrator (CA) This role is responsible for the successful execution of the ceremony according to the script. During the ceremony they perform most steps in the script. They decide how the ceremony is performed from the beginning of the script until the end.
Internal Witness (IW) This role is to ensure the ceremony administrator is dutifully following the script, and to record any deviations from the script in the form of exception reporting. They also meet dual-occupancy rules in the ceremony facility with the CA.
Second Ceremony Administrator (CA2) and Second Internal Witness (IW2) These two roles allow dual-occupancy rules to be satisfied in Tier 4 (the ceremony room) when the CA and IW are in Tier 5 (the safe room). They also aid in logistics, such as escorting attendees throughout the KMF facility. They may step in as CA or IW in the event they are unable to fulfill their roles.
3 Cryptographic Officers (COs) Successful execution of normal operations during a key ceremony require 3 of the 7 smart-cards issued for a given HSM to be activated. These community members also enhance trust in the system by vouching to the community the ceremonies are conducted satisfactorily. (Non-staff role)
2 Safe Security Controllers (SSCs) These two individuals open the two safes in the ceremony room — one contains credentials to activate the HSMs, and the other containing the HSMs and supporting equipment.
Root KSK Operations Security (RKOS) Staff from the Cryptographic Business Operations team responsible for managing the KSK. They schedule, plan and execute the ceremony; and are on hand to provide logistical support and clarify questions concerning the proper conduct of the ceremony. They are also responsible for the proper escort of the KSR/SKR into the ceremony.
System Administrator (SA) Operates support systems used in the ceremony, including access control system and audio-visual equipment. Has the competence to resolve technical failures should they arise, and also can escort visitors within the KMF.
Third-party auditor Representative of the organization that audits the ceremony for compliance for the purposes of the SOC3 audit. (Non-staff role)
ZSK representative Representative of the Root Zone Maintainer, which maintains the Root Zone Signing Keys. (Non-staff role)

This table represents the minimum set of attendees to a ceremony. For each role there may be additional staff available as backups who can step into the roles. In particular, we always seek to have at least 4 Cryptographic Officers at each ceremony, to allow a ceremony to be successfully held if one is unable to fully execute their duties.

More information on the CO role is provided on the TCR roles article.

Discretionary Roles

In addition to the aforementioned roles, additional attendees may be at the ceremony.

Role Responsibility
External Witnesses General members if the public who have an interest in attending. This includes community members, as well as members of the press who are reporting on how ceremonies are conducted.
Staff Witnesses Staff members (i.e. of PTI or ICANN) who are present to either train on how to perform a formal role at a future ceremony, or for whom experience in how ceremonies are conducted would benefit their work.

Those who wish to volunteer as external witnesses can find out more information here.

Document last revised 2018-11-06.