Changes

no edit summary
Line 37: Line 37:  
# [[ICANN]]
 
# [[ICANN]]
 
# [[WIDE Project]], Japan <ref>[http://www.icann.org/en/announcements/dnssec-qaa-09oct08-en.htm ICANN explains DNSSEC]</ref>
 
# [[WIDE Project]], Japan <ref>[http://www.icann.org/en/announcements/dnssec-qaa-09oct08-en.htm ICANN explains DNSSEC]</ref>
 +
 +
----
    
On January 27th, 2007 deployment of DNSSEC for the root zone officially started; it was undertaken by [[ICANN]] and [[VeriSign]], with support from the [[U.S. Department of Commerce]].<ref>[http://www.circleid.com/posts/20100127_icann_begins_public_dnssec_test_plan_for_the_root_zone/ Circle ID]</ref> Details of the root signature can be found at [[http://www.root-dnssec.org/ Root DNSSEC's website].
 
On January 27th, 2007 deployment of DNSSEC for the root zone officially started; it was undertaken by [[ICANN]] and [[VeriSign]], with support from the [[U.S. Department of Commerce]].<ref>[http://www.circleid.com/posts/20100127_icann_begins_public_dnssec_test_plan_for_the_root_zone/ Circle ID]</ref> Details of the root signature can be found at [[http://www.root-dnssec.org/ Root DNSSEC's website].
  −
----
      
In June, 2010, ICANN hosted the first production DNSSEC key ceremony in a high security data centre outside of Washington, D.C.. The key ceremony involved the creation of the first cryptographic digital key used to secure the Internet root zone, which was securely stored after its generation. Each key ceremony is designed to to allow the private key material for the root zone to be managed in a transparent yet secure manner. The goal is for the whole Internet community to be able to trust that the procedures involved were executed correctly, and that the private key materials are stored securely. There is an emphasis on the transparency of the process through the use Trusted Community Representatives ([[TCR]]s), who undertake the detailed procedures with 14 [[ICANN]] employees. [[TCR]]S are members of the international [[DNS]] community, and are unaffiliated with [[ICANN]], [[VeriSign]], or the [[US Department of Commerce]].  These ceremonies will take place 4 times a year in two different American locations.<ref>[ http://www.icann.org/en/announcements/announcement-2-07jun10-en.htm ICANN's DNSSEC Key Ceremony Announcement.}</ref>
 
In June, 2010, ICANN hosted the first production DNSSEC key ceremony in a high security data centre outside of Washington, D.C.. The key ceremony involved the creation of the first cryptographic digital key used to secure the Internet root zone, which was securely stored after its generation. Each key ceremony is designed to to allow the private key material for the root zone to be managed in a transparent yet secure manner. The goal is for the whole Internet community to be able to trust that the procedures involved were executed correctly, and that the private key materials are stored securely. There is an emphasis on the transparency of the process through the use Trusted Community Representatives ([[TCR]]s), who undertake the detailed procedures with 14 [[ICANN]] employees. [[TCR]]S are members of the international [[DNS]] community, and are unaffiliated with [[ICANN]], [[VeriSign]], or the [[US Department of Commerce]].  These ceremonies will take place 4 times a year in two different American locations.<ref>[ http://www.icann.org/en/announcements/announcement-2-07jun10-en.htm ICANN's DNSSEC Key Ceremony Announcement.}</ref>
Line 46: Line 46:  
Each TCR is a respected member of the technical Domain Name System (DNS) community in their home country. They are also unaffiliated to ICANN, VeriSign or the US Department of Commerce, and have been assigned a separate key management role within the ceremony.
 
Each TCR is a respected member of the technical Domain Name System (DNS) community in their home country. They are also unaffiliated to ICANN, VeriSign or the US Department of Commerce, and have been assigned a separate key management role within the ceremony.
    +
At the [[ICANN]] meeting in Brussels later that month there was an overwhelming response from companies who had implemented, or were supporting the new protocol.<ref>[http://www.securityweek.com/dnssec-becomes-reality-today-icann-brussels Security Week]</ref>
 
==DNSSEC Difficulties==
 
==DNSSEC Difficulties==
 
It is critically important to secure the DNS for ensuring overall Internet protection, but when it comes to the deployment of DNSSEC the following difficulties are encountered:
 
It is critically important to secure the DNS for ensuring overall Internet protection, but when it comes to the deployment of DNSSEC the following difficulties are encountered: