CERT mailing list archives
DNSSEC Key Signing Key Rollover Postponed
From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Fri, 29 Sep 2017 13:26:28 -0500
U.S. Department of Homeland Security US-CERT National Cyber Awareness System: DNSSEC Key Signing Key Rollover Postponed [ https://www.us-cert.gov/ncas/current-activity/2017/09/29/DNSSEC-Key-Signing-Key-Rollover-Postponed ] 09/29/2017 12:29 PM EDT Original release date: September 29, 2017 The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that the change to the Root Zone Key Signing Key (KSK) scheduled for October 11, 2017, has been postponed. A new date for the Key Roll has not yet been determined. DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. Maintaining an up-to-date Root KSK as a trust anchor is essential to ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Systems of organizations that do not use DNSSEC validation will be unaffected by the rollover. Users and administrators are encouraged to review ICAAN announcement KSK Rollover Postponed [ https://www.icann.org/news/announcement-2017-09-27-en ] and the US-CERT Current Activity on DNSSEC Key Signing Key Rollover [ https://www.us-cert.gov/ncas/current-activity/2017/08/21/DNSSEC-Key-Signing-Key-Rollover-0 ] for more information. US-CERT will provide additional information as it becomes available. ________________________________________________________________________ This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy & Use [ http://www.us-cert.gov/privacy/ ] policy. ________________________________________________________________________ A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () ncas us-cert gov to your address book. OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ http://www.us-cert.gov/related-resources ] STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Current thread:
- DNSSEC Key Signing Key Rollover Postponed US-CERT (Sep 29)