ICANN not update the root KSK system on schedule

Subject: General Tech | September 29, 2017 - 12:53 PM |
Tagged: icann, bind, dns, ksk, networking, security

ICANN have had to delay their planned upgrade to the root key signing keys used by DNS thanks to between 5-8% of key validators lacking the new KSK key.  If a validator only possess the 2010 key, they would no longer be able to resolve DNS properly and the vast majority of the internet would disappear for stuck on the old system.  The Register points out that the problem will actually be much larger as ICANN assumed that everyone has updated to the newest version of BIND DNS database, and only scanned those validators using the newest version. 

The reason for the update is to increase the length of the root KSK that DNS depends on, which will greatly increase the security of anyone surfing the net and to help move this forward ICANN will be publishing a list of those out of date validators in the hopes publicity will spur them to upgrade.  As with IPv6, we will wait and see.

View Full Size

"A multi-year effort to update the internet's overall security has been put on hold just days before it was due to be introduced, over fears that as many as 60 million people could be forced offline."

Here is some more Tech News from around the web:

Tech Talk


Source: The Register

No comments posted yet.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.