The ceremony room has a cage on the side of it that contains two safes.
These safes store all of the sensitive material used during the ceremony.
Each safe deposit box contains an operator card and a security permissions card for the Hardware Security Module (HSM), which we’ll discuss in the next section.
Three operator cards are required to unlock the HSM, which is why three Crypto Officers must attend the ceremony.
We figured it would only take a half hour or so to blast a hole in the wall and walk out with the safe; however, that would probably trip the seismic sensors, so we would know that the key was compromised.
Once everybody showed up, we were escorted to the ceremony room in small groups as the entrance room only holds about 8 people.
Photo courtesy of IANA That’s the purpose of the Root Signing Ceremony—a rigorous procedure around signing the root DNS zone’s public keying information for the next few months.
It enables Internet users to access domain names in all TLDs, even brand new ones like .software and .bank, making it an integral part of the global Internet.
The last ceremony took place on August 13th at the El Segundo facility.
To get into the facility, I had to show a government issued ID and show the contents of my bag. Then, I waited for an ICANN staffer to escort me inside.
We mingled there while waiting for the rest of the ceremony participants to arrive.
Being Crypto Officers, most of the small talk revolved around trying to steal root-signing key.