Internet gatekeepers strengthen security at the root
Commerce, ICANN are beginning deployment of enhancements
- By Alice Lipowicz
- Jun 15, 2010
The Commerce Department and global Internet authorities will begin deploying a worldwide root system improvement to the Internet this week designed to enhance security in the Internet’s domain name structure.
The Internet Corporation for Assigned Names and Numbers will host a ceremony on June 16 at a high-security data center in Culpeper, Va., to install the first Domain Name System Security Extensions.
During the ceremony in Virginia the first cryptographic digital key used to secure the Internet root zone will be generated and securely stored, according to a news release. Official procedures will be carried out to assure the security of the key.
The 3 urgent security concerns you'll have this month
The security extensions system is a cryptographic framework that provides greater assurance to all Internet users so that, when they type in a Web address, there is more confidence they will reach that destination. The security extensions have been in development for more than a year to address a well-known flaw in the Internet that has been exploited by hackers and phishers. The longstanding domain name vulnerability has allowed hackers to misdirect Internet traffic to malicious Web sites.
Commerce, ICANN and Verisign Corp. are involved in a joint effort to deploy the security extensions system, which will be fully deployed globally by July 15.
The key ceremony involves ICANN staff as well as 14 volunteer Trusted Community Representatives, who are representatives of the domain name system in their respective countries. The volunteers are not affiliated with Commerce, ICANN or Verisign.
“The involvement of these independent participants provides transparency of process -- a successful key ceremony is only possible if the Trusted Community Representatives involved are satisfied that all steps were executed accurately and correctly. The ceremony and its associated systems and processes will also be subject to a SysTrust audit,” the news release said.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.