ICANN Delays Domain Name Security Key Rollover


A plan to change the encrypted keys that help secure the internet domain name system is being postponed by the Internet Corporation for Assigned Names and Numbers until at least the beginning of next year.

ICANN, the nonprofit that manages the system (DNS), originally planned to roll out the new key pair, the Key Signing Key (KSK), Oct. 11. But ICANN found that a significant number of the tools network operators use to validate DNS data hasn’t been updated with the new KSK.

Internet users relying on those validating tools would be unable to access the internet if the tools don’t contain the new key after the rollover, according to an ICANN fact sheet. ICANN estimates that the rollover could affect 750 million people.

"The security, stability and resiliency of the domain name system is our core mission,” ICANN CEO Göran Marby said in a statement. “We would rather proceed cautiously and reasonably, than continue with the roll on the announced date of 11 October.”

The KSK is a pair of public and private keys that creates a signature for a domain and is designed to ensure internet users are directed to the correct website. The KSK hasn’t been changed since its introduction in 2010.

Marby said ICANN will continue to engage with network operators to help them ensure they are ready for the rollover. ICANN hasn’t determined a new date but hopes to reschedule for the first quarter of 2018, it said in its statement.