Home / News I have a News Tip

ICANN Delays Plans to Change DNS Cryptographic Key, Says Near 750 Million People at Risk if Rushed

The Internet Corporation for Assigned Names and Numbers (ICANN) has postponed plans to change the cryptographic key — a critical step in updating protection measures for the Domain Name System (DNS). In its report issued Thursday evening, ICANN said an "an estimated one-in-four global Internet users, or 750 million people, could be affected by the KSK rollover. ... The changing or 'rolling' of the KSK Key was originally scheduled to occur on 11 October, but it is being delayed because some recently obtained data shows that a significant number of resolvers used by Internet Service Providers (ISPs) and Network Operators are not yet ready for the Key Rollover. The availability of this new data is due to a very recent DNS protocol feature that adds the ability for a resolver to report back to the root servers which keys it has configured." A new date for the Key Roll has not yet been determined, but the organization says it is aiming at rescheduling the Key Roll for the first quarter of 2018.

Update Oct 4, 2017: ICANN's VP of Research, Matt Larson, posted a blog today regarding the factors behind the KSK rolloever delay – "The Story Behind ICANN’s Decision to Delay the KSK Rollover": "I would like to provide some additional details about what went into our decision to delay the roll. You might say it's the story behind the story. Historically, there has been no way to determine which trust anchors DNS Security Extensions (DNSSEC) validators have been configured, making it difficult to assess the potential impact of the root KSK rollover. But that recently changed and we received some new data that we simply could not ignore."

Related topics: DNS, DNS Security, ICANN

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

Great Andrew Gardner  –  Sep 28, 2017 2:48 PM PDT

Mozilla and Google will love this - another reason for them to refuse to bake DANE into their browsers.

Lets not turn this into a mess ! Ken Stubbs  –  Sep 29, 2017 7:50 AM PDT

Frankly, this is embarrassing !

Why are we not ready to pull the trigger ?

Is it because we haven't done an effective job of communicating the sense of urgency to the right parties here ?

Is it because the resolvers are ambivalent ?

These are questions that need honest answers REAL SOON !

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Cybersecurity

Sponsored by Verisign

DNS Security

Sponsored by Afilias

Mobile Internet

Sponsored by Afilias Mobile & Web Services

IP Addressing

Sponsored by Avenue4 LLC

Promoted Posts

Buying or Selling IPv4 Addresses?

Discover ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Afilias Chairman Jonathan Robinson Wins ICANN's 2016 Leadership Award at ICANN 57

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Is Your TLD Threat Mitigation Strategy up to Scratch?

Domain Management Handbook from MarkMonitor

US Court Grants DCA Trust's Motion for Preliminary Injunction on .Africa gTLD

What Holds Firms Back from Choosing Cloud-Based External DNS?

United States Court Has Granted an Interim Relief for DCA Trust on .Africa gTLD

Dyn Weighs In On Whois

Season's Greetings - 2015 End of Year Message from DotConnectAfrica

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Protect Your Privacy - Opt Out of Public DNS Data Collection

Measuring DNS Performance for the User Experience

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability