Home / News I have a News Tip

Video: Highlights of the DNSSEC Key Signing Ceremony

ICANN video highlighting last week's historical DNSSEC key signing ceremony held in a high security data centre located in Culpeper, VA, outside of Washington, DC.

"During the ceremony, participants were present within a secure facility and witnessed the preparations required to ensure that the so-called key-signing-key (KSK) was not only generated correctly, but that almost every aspect of the equipment, software and procedures associated with its generation were also verified to be correct and trustworthy."

Related topics: DNS, DNS Security, ICANN, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

SSL has been solving this problem for 15 years Phillip Hallam-Baker  –  Jul 01, 2010 9:04 AM PDT

DNSSEC is important.

But not for the reasons being presented here. SSL already enables end to end authentication of Web Sites.

DNSSEC does not and cannot. Even if we assume BGPSEC is also in place, there is no end-to-end security. DNSSEC merely secures the mapping of DNS name to IP address. The mapping of IP address to Internet endpoint depends (and will continue to depend) on the thousands of AS number assignees.

We could fix DNSSEC to provide end-to-end security, but that alone would be relatively pointless as we can already do that with SSL.

As someone who has run key ceremonies, I would also point out that you do not want the identity of the key share holders to be known as this puts them at personal risk of blackmail, extortion etc. So making a film of the process is counter-productive.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Promoted Post

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

Afilias Chairman Jonathan Robinson Wins ICANN's 2016 Leadership Award at ICANN 57

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Sponsored Topics