Key Management

The current DNSSEC keys for the top level domains .ch and .li are published here for name server operators.

NB: The keys for the top level domains .ch and .li should not be directly configured as trust anchors in your name servers. Instead, you should make sole use of the root-zone keys. Our keys are only set out here for checking purposes.

Current DNSSEC keys

CH: Key 24859, intended validity until 12 December 2014
DS 24859 8 1 521C83ACB0BC9172F581DF5ED9D0CC3EB78C0915
DS 24859 8 2 9AFD21261EAF98AFD7E24E89BE6B25767F93EB401C6C3DF21342F40E E82DCCF0

LI: Key 28489, intended validity until 12 December 2014
DS 28489 8 1 A7613A5FD865175491CEDB0B85BCC00F80D66E1A
DS 28489 8 2 C534C12DE564E79C578E6419C57D97629D8BE76C794C026C944F3FC4 42B63B78

Key Management Practice Statement

The "Key Management Practice Statement" document describes how SWITCH handles the cryptographic key material associated with DNSSEC. It explains how the keys are generated and saved and when they lose their validity.

Key Management Practice StatementPDF