Here at the RIPE 59 meeting in Lisbon, Joe Abley from ICANN and Matt Larson from VeriSign announced a plan and schedule for signing the Root Zone. A number of interesting tidbits:
- The root zone will technically be signed by December 1, 2009 although ICANN and VeriSign will keep it to themselves for internal testing.
- Between January and July 2010, the root servers will begin serving the signed zone one "letter" (server) at a time.
- Also during this rollout period, actual DNSSEC keys will be replaced with "dummy" keys so that validation CANNOT occur.