Share this article:
ICANN, the overseer of the Internet’s namespace, announced this week that it was postponing a scheduled change to the cryptographic key that protects the Domain Name System.
ICANN, the overseer of the Internet’s namespace, announced this week that it was postponing a scheduled change to the cryptographic key that protects the Domain Name System.
ICANN said in a statement that the change was to occur on Oct. 11, but new data indicates that a “significant number” of resolvers used by ISPs and large network operators are not ready. ICANN hopes to reschedule the rollover to the first quarter of next year.
“There may be multiple reasons why operators do not have the new key installed in their systems: some may not have their resolver software properly configured and a recently discovered issue in one widely used resolver program appears to not be automatically updating the key as it should, for reasons that are still being explored,” ICANN said.
The key signing key (KSK) rollover, as it’s known, requires the generation of a new cryptographic key pair and distribution of the public key to DNSSEC resolvers. ICANN said the rollover would affect 750 million people.
“The security, stability and resiliency of the domain name system is our core mission. We would rather proceed cautiously and reasonably, than continue with the roll on the announced date of 11 October,” said ICANN CEO and president Göran Marby. “It would be irresponsible to proceed with the roll after we have identified these new issues that could adversely affect its success and could adversely affect the ability of a significant number of end users.”
ICANN advises that network operators and ISPs ensure their systems are ready for the new rollover data, and to make use of its testing platform to ensure resolvers are properly configured.
In the meantime, the ICANN is exploring a resolution to the current issues via its Security and Stability Advisory Committee, the Regional Internet Registries and Network Operator groups.
Share this article:
The Zodiac’s serial killer’s 340 cipher, which couldn’t be solved for 50 years, has been cracked by a remote team of mathematicians.
This sealogged Nazi machine will undergo restoration.
Peter Lowe with DNSFilter discusses the science behind domain name system (DNS) filtering and how this method is effective in blocking out phishing and malware.
The First Stop For Security News
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
About The Author
More Stories
Anatomy of a Scam
Climate and Environmental Sustainability Within the IETF and IRTF
From Commitments to Practice: Internet Society’s Priorities for WSIS+20 Implementation