On October 11, the Internet Corporation for Assigned Names and Numbers (ICANN) will change “root zone” security keys as a measure to protect a part of the Internet – a process which they call KSK Rollover. At that point, some users may unable to access parts of the internet and may receive “server failure” error messages.
If you are affected, these errors can start on October 11 but can also start 48 hours later.
What’s about the Root zone?
Technically, the root zone is the top-most part of the DNS structure. It contains the names and the numeric IP addresses for all the top-level domain (TLD) names such as .COM, .NET, and .UK – the last part of the web address you type into your browser.
The root zone KSK is managed by Root Zone operators, such as ICANN, Verisign, and 10 other partners.
What’s the reason behind this change?
Every year, you read the news that governments, companies or individuals are victims of cybersecurity and data breaches that cost them huge amounts of financial losses. Security breaches happen in the system because of weak security policies or due to unknown vulnerabilities.
ICANN is a company that plays an important role to help protect the global Internet, that’s why they will release these new keys.
The Root Zone KSK keys haven’t been changed in eight years since it was first created in 2010. The old key currently in effect is called KSK-2010 while the new one is KSK-2017.
The root zone keys are developed to prevent anyone with malicious intent to make changes and potentially hijack parts of the internet.
Changing these Root Zone keys doesn’t mean there has been a breach.
These cryptographic keys are being changed now because in theory, with the help of supercomputers and enough time, encryption codes can be cracked. Thankfully, they got it to a much more secure 2048-bit key compared to the previous 1024-bit key.
When the new key becomes available, the old key will become invalid – same goes with changing your password as a security measure to protect your account.
The purpose of this rollover isn’t to encrypt data on the site or in transit, but to ensure users land on sites they are expecting to visit.
Am I affected and who should be blamed?
Actually, the original plan for this rollover was October last year, ICANN decided to postpone because of some obligated parties (network operators and ISPs) that aren’t cooperating or having trouble updating their existing keys in their networks.
ICANN runs both old and new keys at the same time so ISPs can test their systems to ensure no such breakages occur.
Take note that they were given enough time to address this rollover.
ICANN says that only one percent of global Internet users are likely to experience problems. But come to think that there are 3.6 billion Internet users now, which could mean that nearly 36 million users could be affected globally.
Now that you want to know if you’re affected, the answer lies within your Internet provider if their networks are ready for KSK Rollover.
BTW, what is ICANN and what do they do?
ICANN is a non-profit corporation in the US founded in 1998 that is responsible for allocating IP addresses and managing the domain name system. For example, domain name google.com has an IP address of 22.214.171.124, if you would type in and open it to a browser’s address bar, it leads you to Google’s main page. However, it would be very inconvenient to remember such IP addresses, hence, domain names are made.
In short, ICANN is the overseeing body for the domain names on the Internet.