Today a critical part of DNS security – DNSSEC – will receive a major update, and you can watch it all live at starting at 17:00 UTC (1:00pm US EDT – local time) streaming out of ICANN’s data center in Virginia:
https://www.iana.org/dnssec/ceremonies/27
Olaf Kolkman, our CITO, will be in attendance as a “Crypto Officer” (key holder). Olaf wrote a post with info about the 25th key ceremony back in May 2016 and shared some of his photos.
The important step today is that this key ceremony will involve the creation of a new Key Signing Key (KSK) for the root of DNS. This begins what will be a year-long process of “rolling over” the cryptographic key at the heart of the DNSSEC system. ICANN has a page dedicated to the “Root KSK Rollover” explaining the details – and this “at-a-glance” PDF provides the key facts and dates.
This is a great step in making DNSSEC even more secure.
If you’re interested, ICANN posts the “script” that will be used to go through today’s key ceremony. All of the key ceremonies are streamed live and archived for later viewing.
If you want to learn more about DNSSEC in general, please visit our Start Here page to find resources to help!
Image credit – Olaf Kolkman on Flickr. Used with permission.