Yesterday, ICANN (Internet Corporation for Assigned Names and Numbers) announced that the root KSK roll has occurred at 1600 UTC.
ICANN is an organization that ensures a stable, secure and unified global Internet by coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet.
The KSK is used to cryptographically sign the Zone Signing Key (ZSK), which is used by the Root Zone Maintainer to DNSSEC-sign the root zone of the Internet’s DNS.
Rolling the KSK means generating a new cryptographic public and private key pair and distributing the new public component to parties who operate validating resolvers including,
Maintaining an up-to-date KSK is important to ensure that DNSSEC-validating DNS resolvers continue to function following the rollover. Failure to have the current root zone KSK will mean that DNSSEC-validating DNS resolvers will be unable to resolve any DNS queries.
Failure to have the current root zone KSK will mean that DNSSEC-validating DNS resolvers will be unable to resolve any DNS queries.
KSK Rollover operations started in October 2016 and were scheduled for October 2017. However, ICANN announced that the rollover has been postponed stating, “a significant number of resolvers used by Internet Service Providers (ISPs) and Network Operators are not yet ready for the Key Rollover.”
Later, a draft plan was announced on February 1, 2018, after receiving input from the community. The date put forward to initiate the procedure was October 11, 2018. Per ICANN, the rollover is necessary to curb the rising number of cyber attacks.
In an official statement, Communications Regulatory Authority said, “To further clarify, some internet users might be affected if their network operators or Internet Service Providers (ISPs) have not prepared for this change. However, this impact can be avoided by enabling the appropriate system security extensions.”.
To know more about this news in detail, visit the main rollover page on ICANN’s website.
RedHat shares what to expect from next week’s first-ever DNSSEC root key rollover
Baidu Security Lab’s MesaLink, cryptographic memory safe library alternative to OpenSSL
Google Titan Security key with secure FIDO two factor authentication is now available for purchase
I remember deciding to pursue my first IT certification, the CompTIA A+. I had signed…
Key takeaways The transformer architecture has proved to be revolutionary in outperforming the classical RNN…
Once we learn how to deploy an Ubuntu server, how to manage users, and how…
Key-takeaways: Clean code isn’t just a nice thing to have or a luxury in software projects; it's a necessity. If we…
While developing a web application, or setting dynamic pages and meta tags we need to deal with…
Software architecture is one of the most discussed topics in the software industry today, and…