[http://www.h-online.com/security/news/item/Seven-keyholders-for-the-DNS-root-zone-857180.html]
===== 11 November 2009, 19:21 Seven keyholders for the DNS root zone Preparations for securing the domain name system root zone using the DNS Security Extensions (DNSSEC ) protocol are entering a key phase. At the 76th meeting of the Internet Engineering Task Force (IETF) in Hiroshima, the design team from VeriSign, the internet administration authority ICANN and the US NTIA presented the strict security conditions under which the various keys required will be generated, held and renewed. IETF developers expressed concern about the lack of channels for both explaining the DNSSEC rollout, scheduled to commence in January, to ISPs and for collecting reports of anything untoward from the ISPs. [...] Signing the root zone is necessary to ensure that there is an unbroken chain of trust running right through the entire domain name system when converting domain and host names to IP addresses. Some top level domains, including .se and .org, have already signed their zones. Since the changes to the DNS are considerable and errors could knock out big chunks of the internet, the roll-out is to take place a step at a time. One by one, following the sequence L, J, M, I, D, K, etc., root servers will start to issue signed responses from January. The last server will be A, scheduled for May. IETF developers are warning that leaving A to last is a bad idea, as it promotes the long-obsolete myth that A is something special. [...] ===== -- Soh Kam Yung my Google Reader Shared links: (http://www.google.com/reader/shared/16851815156817689753) my Google Reader Shared SFAS links: (http://www.google.com/reader/shared/user/16851815156817689753/label/sfas) _______________________________________________ LUGS Mailing list - [email protected] List FAQ: http://wiki.lugs.org.sg/LugsMailingListFaq Info page: http://www.lugs.org.sg/mailman/listinfo/slugnet To unsubscribe send an empty email to: [email protected]
