Common Questions on Trusted Community Representatives

Who pays for travel?

We provide a travel support program for trusted community representatives that covers airfares, accommodation and other costs. This program is optional, and TCRs may choose to arrange their own travel at their own cost.

What part of the TCR Statement of Interest will be published?

A list of names and country of citizenship of selected TCR candidates will be published, but any details (e.g. references) submitted will be kept confidential.

How long is a typical key ceremony and what has been the longest ceremony so far?

Typical ceremonies last approximately 4 hours. See our typical ceremony schedule for a rundown on how they are configured.

The first key ceremony took around 8 hours. A slightly longer ceremony occurred in 2024 when new cryptographic hardware and credentials were introduced.

How often should a Crypto Officer expect to travel to a ceremony?

Crypto Officers have the opportunity to attend two ceremonies per year according to our standard ceremony cadence. To handle travel problems (e.g. delayed flights), we will call more than the 3 Crypto Officers required for a typical ceremony. This equates to 1-2 trips per year for a Crypto Officer, with an average of 1 trip per year expected.

How often should a Recovery Key Share Holder (RKSH) expect to travel to a ceremony?

Except for the first ceremony, in which the Recovery Key Share Holders were needed for both phases (and thus had to travel between the east and west coast facilities), the Recovery Key Share Holders are not expected to travel to a ceremony except in case of a key management emergency. Infrequent opportunities exist for an RKSH to participate in ceremonies such as key generation or new hardware introduction.

Can a Recovery Key Share Holder pass international borders with their issued recovery credentials?

As the contents of the credentials do not contain a complete cryptographic key and only a small fragment, import/export restrictions have not been a problem historically.

It is safe to pass the recovery credentials through airport x-ray and security screening, just like it is safe to pass your credit cards or other electronics.

Where should a Recovery Key Share Holder keep their credentials?

A safe deposit box (or equivalent) at the Recovery Key Share Holder’s local bank is an ideal choice. Credentials should be protected from theft and physical damage (e.g., fire, flooding).

How often is possession of Recovery Key Share Holder credentials verified?

The KSK operator DNSSEC Practice Statement (DPS) states that verification of Recovery Key Shares should be performed annually. This will typically be performed by having each Recovery Key Share Holder submit a picture of their credentials.

What happens if a Recovery Key Share Holder loses their key share?

If more than one key share is lost, we will plan to replace the recovery key and recommission the share holders.