Top Bottom
Dan.com

security DNS security and key ceremonies

Dynadot

Future Sensors

78% of human domainers will be replaced by robots
Impact
10,657
DNS security and key ceremonies

This post will focus on a key part of DNSSEC infrastructure — Root KSK ceremonies. These ceremonies exist to provide transparency to the Internet community around the creation, use, and storage of the Root KSK. Transparency is essential in establishing trust of the KSK — asking the Internet to just blindly trust something wouldn’t work, and rightly so!

Read more:

https://blog.apnic.net/2021/10/12/dns-security-and-key-ceremonies/
 
Last edited:
Impact
29,323
Wow I had no idea of all this. Thanks for sharing @Future Sensors .

I liked this: “So, in a sense, there is a group of seven people with ‘keys to the Internet’, but on their own, without ICANN (and the tens-of-thousands-strong Internet community backing them), they’re powerless.”
 

Future Sensors

78% of human domainers will be replaced by robots
Impact
10,657
Wow I had no idea of all this. Thanks for sharing @Future Sensors .

I liked this: “So, in a sense, there is a group of seven people with ‘keys to the Internet’, but on their own, without ICANN (and the tens-of-thousands-strong Internet community backing them), they’re powerless.”

So true. With SOA serial 2010071501 (July 2010) the DNS root was officially signed. The procedures have been polished since then, and trusted community representatives are selected from different geographic locations to avoid imbalance. Before the root was signed, there was a system that imitated a signed root: DNSSEC Lookaside Validation (DLV), which can be found in https://datatracker.ietf.org/doc/html/rfc5074
 
Last edited:

Future Sensors

78% of human domainers will be replaced by robots
Impact
10,657
4711838778_1182ee316b_k.jpg

Root Zone KSK Ceremony #1

The first Key Signing Key (KSK) generation ceremony for the DNS Root Zone. In a sense, the KSK represents the "master key" that is anticipated to be used from July 2010 to secure the root of the DNS system.

Taken on June 16, 2010
by Kim Davies

CC BY-NC-ND 2.0 license

Full album:
Root Zone KSK Ceremony #1
https://www.flickr.com/photos/kjd/albums/72157624302045698
 
Last edited:

Future Sensors

78% of human domainers will be replaced by robots
Impact
10,657
Last edited:
Name Worth