FW: .mil DNSSEC operational message

["Cassell, James D CIV DISA NS233" <jcassell () nic mil>]

The United States Department of Defense (DoD) has authorized the DoD Network
Information Center (NIC) to sign the .mil zone using DNSSEC.  The DoD NIC
will sign the .mil zone using a phased implementation plan that will span a
three (3) month period.

The first phase will consist of signing the .mil zone with an unvalidatable
key, similar to the method used to initially sign several other gTLDs, as
well as the root zone.
  
During the second phase, the .mil zone will be signed using a validatable
key.  However, this key will not be released to IANA for inclusion in the
root zone until an operational test and assessment have been completed.
Essentially, the .mil domain will remain an island (for DNSSEC purposes)
during this phase.

The third and final phase will consist of submitting the .mil key to IANA
for publication in the Internet root zone to allow Internet-wide validation
of .mil DNS responses.
 
Tentative timeline to a signed .mil zone:
Sep 14-Sep 18  .mil zone signed with an unvalidatable key
Sep 19-Dec 11  .mil zone signed with an unpublished, validatable key
Dec 12         .mil zone signed, and its DS record is included in the root
zone

This rollout is expected to be transparent to the Internet user community,
however, if there are issues during this period, please contact the DoD NIC
at 1-800-365-3642; +1 614-692-2708.

Thank you,
DoD NIC Administration

Attachment: smime.p7s
Description: