Common Questions on Trusted Community Representatives

Who pays for travel?

We provide a travel support program for trusted community representatives that covers airfares, accommodation and other costs. This program is optional, and TCRs may choose to arrange their own travel at their own cost.

What part of the TCR Statement of Interest will be published?

A list of names and country of citizenship of selected TCR candidates will be published, but any details (e.g. references) submitted will be kept confidential.

How long is the key ceremony?

Typical ceremonies take 3-4 hours, see our typical ceremony schedule for a rundown on how they are configured.

The first key ceremony is expected to be the longest and took around 8 hours. Longer ceremonies in the future will likely be when there needs to be a re-issuing of credentials due to personnel changes or the need to rebuild the KSK.

How often should a CO expect to travel to a ceremony?

To handle travel problems (e.g. delayed flights), we will call more than 3 Crypto Officers (CO) for each ceremony. That makes 1-2 travels per year for the average crypto officer, as the two (2) sets of Crypto Officers are normally called alternately.

How often should a RKSH expect to travel to a ceremony?

Except for the first ceremony, in which the Recovery Key Share Holders (RKSH) were needed for both phases (and thus had to travel between the east and west coast facilities), the RKSH are not expected to travel to a ceremony except in case of a key management emergency.

Can a RKSH pass international borders with its RKSH smart card?

As the contents of the card does not contain a complete cryptographic key, only a small fragment of one, we do not expect any general import/export restrictions on the smart card.

It is safe to pass the smart card through airport x-ray and security screening, just like it is safe to pass your EMV credit card or the like.

Where should the RKSH keep its smart card?

A safe deposit box (or equivalent) at the recover key share holder’s local bank is a good choice. The smart card should be protected from theft and physical damage (e.g., fire, flooding).

What type of inventory of are the RKSH expected to performed?

The KSK operator DNSSEC Practice Statement (DPS) states that an inventory of Recovery Key Shares should be performed annually. This will typically be performed by having each RKSH submit a picture of its key share together with a secret phrase we provide.

What happens if a RKSH loses its key share?

If more than one key share is lost, we will start to plan to re-split the recovery key and recommission the share holders.

Document last revised 2017-05-13.