ICANN not update the root KSK system on schedule
Subject: General Tech | September 29, 2017 - 12:53 PM | Jeremy Hellstrom
Tagged: icann, bind, dns, ksk, networking, security
ICANN have had to delay their planned upgrade to the root key signing keys used by DNS thanks to between 5-8% of key validators lacking the new KSK key. If a validator only possess the 2010 key, they would no longer be able to resolve DNS properly and the vast majority of the internet would disappear for stuck on the old system. The Register points out that the problem will actually be much larger as ICANN assumed that everyone has updated to the newest version of BIND DNS database, and only scanned those validators using the newest version.
The reason for the update is to increase the length of the root KSK that DNS depends on, which will greatly increase the security of anyone surfing the net and to help move this forward ICANN will be publishing a list of those out of date validators in the hopes publicity will spur them to upgrade. As with IPv6, we will wait and see.
"A multi-year effort to update the internet's overall security has been put on hold just days before it was due to be introduced, over fears that as many as 60 million people could be forced offline."
Here is some more Tech News from around the web:
- Benchmarks Show Firefox 57 Quantum Doing Well, But Chrome Largely Winning @ Phoronix
- TSMC announces plan to build 3nm fab in Taiwan @ DigiTimes
- Microsoft continues Linux love-in by joining the Open Source Initiative @ The Inquirer
- Ignite Overview @ Microsoft
- Microsoft gives all staff a marked-up 'Employee Edition' of Satya Nadella's new book @ The Register
- ZorinOS Is a Great Linux Desktop For Any User @ Linux.com
- Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk' @ The Register
- Air Force Gives 10-Year-Old Orbiting Satellite To Ham Radio Operators @ Slashdot
- Whole Foods hacked and credit card info bagged @ The Inquirer
- E-Win Flash Series Gaming Chair @ TechPowerUp