After many years of planning and trial, the root zone is now signed with DNSSEC keys. See the screen dump below.
From my observations, the root zone will be signed twice a month by the Zone Signing Key, double the pace of an ordinary fully qualified domain name which is to be signed on a monthly basis. Also, according to ICANN, the Key Signing Key shall be used for 5 years. This introduces only a slight additional burden to include the default secure entry point to a resolver every 5 years.
My wholehearted thanks go to ICANN and all root zone operators for taking major steps to secure the public Internet.
No comments:
Post a Comment