The KSK rollover is an important event in the governance of the DNS (Domain Name System) root zone managed by ICANN. The DNSSEC (Domain Name System Security Extensions) uses a combination of cryptographic keys known as KSKs (Key Signing Keys) and ZSKs (Zone Signing Keys) to secure the DNS root zone. Moving forward, the KSK will be changing or “rolling” to preserve the security of the system. An article announcing the rolling of the KSK, an explanation of what keys are, as well as why they should be rolled can be found here. A full thread of the updates to this process can be found here.
According to a draft plan currently under consideration, the root zone KSK is set to change in October 2018. In order to change this DNSSEC key, many providers who have not yet done so will need to update their systems. ICANN will present data about who has and hasn’t updated and will discuss how they plan to go about making sure that the organizations who should understand this process, do. While there is deep technology at play, ultimately the issue is one of outreach and establishing procedure, which brings opportunities for you to help be a part of the success of this critical cybersecurity endeavor.
This post can be found on WebHostingTalk here.
This post can be found on CircleID here.