So far so good! Major overhaul of key internet system completed

So far so good! Major overhaul of the keys that keep the internet secure completed as firm behind it slams claims it could have caused a 48 hour global shutdown

  • ICANN switched out crypto keys that make sure users aren’t sent to spam sites
  • Ahead of the change, some warned of a ’48 hour global internet shutdown’
  • ICANN called those claims ‘clickbait,’ saying there’s yet to be any major outages

A major overhaul of a crucial component of the internet’s domain name system, or DNS, has gone off without a hitch, contradicting earlier claims that it would cause a ‘global internet shutdown.’

The Internet Corporation for Assigned Names and Numbers (ICANN) on Thursday kicked off its first-ever change of the cryptographic key pairs that assure web users aren’t sent to spam sites. 

Ahead of the switchover, which began at 4:00pm UTC yesterday, there were widespread warnings that it would disrupt internet connectivity for many web users. 


However, that hasn’t happened yet and ICANN is calling claims that it will temporarily create system-wide outages ‘clickbait.’

ICANN, which is a US-based non-profit organization that oversees internet infrastructure tasks, was likely referring to headlines such as one that said ‘Global internet could crash in next 48 hours,’ published Thursday by Russia Today. 

‘Unfortunately, that story carries a headline that is a click bait,’ an ICANN spokesperson told NDTV. 


‘There will be minimal impact to users. Note that data analysis suggests that more than 99 percent of users whose resolvers are validating will be unaffected.’

It is possible that some users could still experience minor outages in the next 24 hours or so.

Some users reported having issues accessing webpages or making transactions within the first few hours of the switchover, but many were ‘fixed quickly,’ according to ICANN, which has continued to post updates on the rollover. 



‘The root KSK rollover has occurred: the new root zone signed by new KSK (known as KSK-2017) has been published to the root servers,’ ICANN explained.

‘The root KSK rollover occurred at 1600 UTC [noon EST] today, 11 October, with the publication of the root zone with serial number 2018101100. Please see the main rollover page for further information on the rollover.’

It added: ‘In the first six hours after the rollover, there were a few reports of problems that were mostly fixed quickly.’

The overhaul centered around switching the DNS’ Root Zone Signing Key, which is a pair of crucial cryptographic keys that ensure users are visiting the correct website – not a spoof one run by hackers. 

ICANN generated a new cryptographic public and private key pair and sent it to users who operate validating resolvers. 

These validating resolvers run software that converts typical domain names, like Google.com, into their numerical IP addresses so that computers can visit them. 

WHAT IS THE DOMAIN NAME SYSTEM AND HOW DOES IT WORK?

The Domain Name System, or DNS, is the directory of the internet.

Whenever you click on a link, send an email or open a mobile app, often one of the first things that has to happen is that your device needs to look up the address of a domain.

There are two sides of the DNS network: the authoritative side, i.e. webpages and other content, and the resolver side, devices that are trying to access this content.

Every domain needs to have an authoritative DNS provider, servers which store DNS records. Amazon, Cloudflare and Google are among the bigger names in authoritative DNS server provision. 

On the other side of the DNS system are resolvers. Every device that connects to the Internet needs a DNS resolver. 

By default, these resolvers are automatically set by whatever network you’re connecting to. 

So, for most Internet users, when they connect to an ISP, or a WiFi hot spot, or a mobile network, the network operator will dictate what DNS resolver to use.

The problem is that these DNS services are often slow and don’t respect your privacy. 

What many Internet users don’t realise is that even if you’re visiting a website that is encrypted, indicated by the green padlock in your browser’s address bar, that doesn’t keep your DNS resolver from knowing the identity of all the sites you visit. 

That means, by default, your ISP, every WiFi network you’ve connected to, and your mobile network provider have a list of every site you’ve visited while using them. 

The internet has rapidly evolved, but DNS security measures haven’t necessarily kept up.

Many websites use DNS Security Extensions (DNSSEC), which use cryptographic keys to make sure DNS data is coming from the correct address, as a means to prevent ‘DNS spoofing,’ which inserts an incorrect IP address, thereby directing users to potentially malicious sites.

This week’s rollover involved changing the primary key pair in DNSSEC’s cryptographic key chain, called the Root Zone Signing Key. 

So far, there is no reason to believe the keys have been compromised, but ICANN is performing the switch as a means of maintaining ‘good cryptographic hygiene,’ Motherboard noted.  

‘We want to do this process when things are normal; when there’s not any kind of emergency,’ ICANN’s vice president of research, Matt Larson, told Motherboard.

‘This way, if an actor does manage to get the key somehow later, at least ICANN will have a better idea of how the process works.’

The root KSK rollover was supposed to happen in 2017, but was later postponed to this year, after concerns were raised that it would result in a major internet disruption for many users.  
