Language: rus ukr eng


Saturday, 18 May
Mobile version  | RSS
News Ukraine Russia Peace Business Society Artistic and Culture Sports Policy PE Science and Health Photo Report Video

ICANN postponed the release of the KSK cryptographic key update until next year

03 October 2017, 08:26 | Technologies
photo InternetUA
Text Size:

The Corporation for the Management of Domain Names and IP-addresses (ICANN) postponed the release of the update of the cryptographic key KSK until next year due to inattention of Internet providers and technical problems. Initially, the update was scheduled for October 11, 2017.

The KSK cryptographic key is part of the DNSSEC protocol - a more secure version of the DNS protocol. The protocol uses keys to create a cryptographic signature of data as a method of preventing attacks that involve the substitution of DNS queries.

The DNSSEC protocol implies the use of two cryptographic keys for each zone: the zone signing key (ZSK) and the key signing key (KSK). Thus, KSK DNSSEC of the root zone is the vertex of the entire hierarchical DNSSEC pyramid. ICANN installed this system in the hope that it will eventually supplant the standard DNS protocol, and attackers can no longer send users false DNS responses, leading them to malicious servers.

The ZSK key of the root zone is updated quarterly by ICANN, but the KSK key has not been updated since its creation in 2010. In 2016, the corporation introduced a new key, and its actual rotation was scheduled for October 11, 2017. Under the original ICANN plan, the key DNS servers had to work with both old and new KSK keys simultaneously.

According to ICANN, many Internet providers have not implemented the new KSK key in their infrastructure. The number of such providers is from 6% to 8% of the total number. According to the representatives of the organization, in the case of a planned update, more than 60 million Internet users would not be able to send DNS requests on October 11, when ICANN was to withdraw the old KSK key.

By and large, ICANN sees a problem in lazy providers who have not updated existing keys. According to representatives of ICANN, many Internet providers may not know that they did not install the latest version of KSK. Some of them use software to automatically install and configure the KSK key, however, in this software, apparently, there were a number of errors that prevented an update.

In this regard, ICANN postponed the update until the first quarter of 2018. With an exact date, the corporation has not yet decided.




Add a comment
:D :lol: :-) ;-) 8) :-| :-* :oops: :sad: :cry: :o :-? :-x :eek: :zzz :P :roll: :sigh:
 Enter the correct answer 
News archive "Technologies"
Ad
Тайна имени
Понтий

Значение имени: Понтий от греческого — морской. Читать дальше

© 2009 - 2024 NewsMe. All rights reserved.
The site administration is not responsible for information what put in, as well as its reliability. Use material NewsMe permitted only for reference (for internet issues - hyperlinks) on NewsMe.com.ua.

Наши проекты: