Can I have a government contractor or ISP sign my .gov domains?
Yes. The trust model in place for .gov domains is with the POCs. Therefore, the initial KSK must be uploaded manually by a POC to ensure this is signed by the personnel responsible for the domain. We have made this very simple. All KSKs from the keyset-*.gov files that are generated as a result of the initial successful signing can be concatenated together by your contractor and emailed to you. These are public keys and are not sensitive. Upon receipt, you may log into www.dotgov.gov and upload this text file. The keys are tested and validated against the operational domain. If they pass, then the domain(s) is/are signed. Future KSK rollovers will be automated, because this initial KSK will be used to validate future KSKs and ZSKs found in the domain. You may turn off this automation and manually upload your KSK each time. This may be desirable if you outsource DNS operations and need to maintain authority and trust within the government agency.
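The concatenation step described above, sketched as an added example (not code from the .gov registry or from this page): it reads keyset files, keeps only KSKs (DNSKEY flags 257) and emits one record per line. The sample zone name and key material are constructed, and the one-line output layout is an assumption, since the page only says the upload is a text file.

```python
import base64
import glob

KSK_FLAGS = 257  # Zone Key bit (256) + SEP bit (1) marks a key-signing key

# Constructed sample in the zone-file style of a keyset file (not real key material).
SAMPLE = """$ORIGIN .
example.gov 3600 IN DNSKEY 257 3 8 (
        AwEAAbCd
        EfGhIjKl ) ; key id = 11111
example.gov 3600 IN DNSKEY 256 3 8 AwEAAZzZzZzZ ; key id = 22222
"""

def parse_dnskeys(text):
    """Yield (owner, flags, protocol, algorithm, key) for each DNSKEY record.
    Assumes every record states its owner name explicitly."""
    buf, depth = [], 0
    for line in text.splitlines():
        line = line.split(";", 1)[0]            # drop trailing comments
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                            # still inside a ( ... ) record
        tok = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf, depth = [], 0
        if "DNSKEY" not in tok:
            continue                            # $ORIGIN, blank lines, other types
        i = tok.index("DNSKEY")
        if i == 0 or len(tok) < i + 5:
            continue                            # no owner name or truncated record
        flags, proto, alg = (int(t) for t in tok[i + 1:i + 4])
        yield tok[0], flags, proto, alg, "".join(tok[i + 4:])

def collect_ksks(texts):
    """Return de-duplicated one-line KSK records from several keyset texts."""
    out = []
    for text in texts:
        for owner, flags, proto, alg, key in parse_dnskeys(text):
            if flags != KSK_FLAGS:
                continue                        # ZSKs (256) are not uploaded
            base64.b64decode(key, validate=True)  # raises if the key was mangled
            rec = f"{owner} IN DNSKEY {flags} {proto} {alg} {key}"
            if rec not in out:
                out.append(rec)
    return out

if __name__ == "__main__":
    # Matches keyset-<zone>.gov with or without a trailing dot in the file name.
    texts = [open(p).read() for p in sorted(glob.glob("keyset-*.gov*"))]
    print("\n".join(collect_ksks(texts) if texts else collect_ksks([SAMPLE])))
```

A POC receiving the file can compare its records against the DNSKEY set served by the operational domain before uploading.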