US government requests root DNSSEC go-ahead
The National Telecommunications and Information Administration, part of the US Department of Commerce, has formally announced its intent to allow the domain name system’s root servers to be digitally signed with DNSSEC.
Largely, I expect, a formality, a public comment period has been opened (pdf) that will run for two weeks, concluding on the first day of ICANN’s Brussels meeting.
NTIA said:
NTIA and NIST have reviewed the testing and evaluation report and conclude that DNSSEC is ready for the final stages of deployment at the authoritative root zone.
DNSSEC is a standard for signing DNS traffic using cryptographic keys, making it much more difficult to spoof domain names.
ICANN is expected to get the next stage of DNSSEC deployment underway next week, when it generates the first set of keys during a six-hour “ceremony” at a secure facility in Culpeper, Virginia.
The signed, validatable root zone is expected to go live July 15.
If you find this post or this blog useful or interestjng, please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.
The current DNSSEC ICANN “Theatrics” are comical.
The [True Internet Architecture] is NOT high-security data-centers with Check-Point Charlie driveways.
Savy ISPs and developers long ago gave up on
those “root servers” ICANN is securing in Fort Knox.
It is interesting to see ICANN claiming to be planning for
competition for Verisign from one side of their mouth while partnering with the U.S. Government and Verisign
from the other side.
The theatrics are reminiscent of the days when Network
Solutions (pre-Verisign) would apparently hire armed
guards on days when noobs were visiting. It was all
show.