Beijing on June 18th news, as the Internet domain name system and tighten the safety screw dream on Wednesday moved a step closer to reality, this day, the Internet’s policymakers held a simple and solemn ceremony in the northern state of Virginia, the first generation and storage will be used for the Internet root domain security key.
this key release ceremony is one of the final steps of the Internet root domain DNS security extension (DNSSEC) research and development process. DNSSEC is a new standard for the Internet to prevent fraudulent attacks, allowing Web sites to use digital signatures and public key to verify the domain name and the corresponding IP address.
"key release ceremony will generate the root key, the key can provide other key signature for all," VeriSign CTO Ken Silva explained. VeriSign operates 13 Internet root servers in the two, mainly to provide.Com and.Net top-level domain name registration services. "It is necessary to generate a legally valid key before the actual launch of DNSSEC, so we can test it."
DNSSEC plans to deploy in the entire Internet infrastructure, starting from the root server in the DNS hierarchy at the top of the first, to run the.Com,.Net and other top-level domain name server, and then to provide the service to the server cache content for many websites.
was once widely deployed, DNSSEC will be able to effectively prevent the cache poisoning attacks, which is the Internet traffic from legitimate sites not redirected to the web site operators or users do not know the fake website. Cache poisoning attack is a serious consequence of DNS vulnerabilities, security researchers Dan Kaminsky publicly disclosed in 2008.
Wednesday’s key release ceremony hosted by ICANN, the location is in a secure data center in the state of Virginia Carle pepa. 7 mid month will be held in Losangeles, a similar key release ceremony.
The key issue of
is to show how to securely generate and store the key for the root domain to the Internet Engineering community. Participants include ICANN staff and DNS experts around the world. The entire process of key generation and storage is notarized.
experts from around the world will participate in the process of creating a key for the DNS top-level domain name, Internet security experts and Shinkuro’s CEO Steve Croker said. "They are witnesses and supervise the whole process in the case of fairness and strict compliance."
these two key release ceremony is the final step before the large-scale deployment of DNSSEC, the second release ceremony is scheduled to be held in July 15th.
from now to July 15th, root server operation >