ICANN set to change Internet’s master key
The Internet Corporation for Assigned Names and Numbers (ICANN) is set for the first time, about to change the cryptographic keys that help secure the Internet’s Domain Name System (DNS).
ICANN is a global non-profit organisation that is responsible for co-ordinating the maintenance and procedures of several databases related to the namespaces of the Internet, ensuring the network’s stable and secure operation.
It created the current key at a secure data centre in Virginia on 16 June 2010 and ICANN has not touched it since.
The organisation has disclosed plans to perform a Root Zone Domain Name System Security Extensions (DNSSEC) key signing key (KSK) rollover as required in the Root Zone KSK operator DNSSEC practice statement.
It underscored that the root zone KSK consists of a private key and a public key.
“The private component is securely stored by ICANN, but the public component is widely distributed and configured in a large number of devices, possibly numbering in the millions.
The multi-step KSK rollover process involves generating a new cryptographic key pair and then distributing the new public key, “says ICANN.
David Conrad, ICANN’s chief technology officer said “It is critical that Internet service providers (ISPs) and network operators around the world make certain they are ready for this change as failure to do so can result in their users being unable to look up domain names and thus be unable to reach any site on the Internet.
“Network operators should ensure they have up-to-date software, have enabled DNSSEC, and verified their systems can update their keys automatically or they have processes in place to manually update to the new key by 16:00 UTC on 11 October 2017.”
ICANN explained that the changing, or “rolling” of the key, is an important step in keeping the global DNS safe and secure, adding that it is in line with commonly accepted operational practices that ensure important security infrastructure can support changing passwords if the need were to ever arise.
“We’ve launched a testing platform so network operators can make certain they are ready for the key roll well ahead of 11 October,” Conrad said.
He said the testing platform can be accessed there; and that Internet users should contact their ISP or network operators to make certain they are ready for the key change.
