The Internet Corporation for Assigned Names and Numbers (ICANN) has decided to change the cryptographic key that helps protects the Domain Name Systems (DNS). The process of changing the cryptographic key is called the root key the root key rollover or KSK rollover. The DNS root key is a cryptographic public-private key pair used for DNSSec signing of the DNS root zone records. The KSK rollover means that generating a new pair of cryptographic public-private key and distributing to organizations who operate validating resolvers. The primary driving for the root KSK rollover is the growth in attack capability of cybercriminals.
Interesting article Haitao, good to know that the Internet Corporation for Assigned Names and Numbers (ICANN) has voted to go ahead with the first-ever changing of the cryptographic key that helps protect the internet’s address book – the Domain Name System. Hope that the internet will be a more secure place.
I like the ICANN Board Chair Cherine’s statement.There is no way of completely assuring that every network operator will have their ‘resolvers’ properly configured, yet if things go as anticipated, we expect the vast majority to have access to the root zone”.