Content deleted Content added
SpiralShell (talk | contribs) →Overview: note the year |
Rescuing 2 sources and tagging 0 as dead.) #IABot (v2.0.9.5 |
||
Line 242:
====Planning====
In September 2008, ICANN and VeriSign each published implementation proposals<ref>{{cite news|author=Singel, Ryan|title=Feds Start Moving on Net Security Hole|url=http://blog.wired.com/27bstroke6/2008/10/feds-take-step.html|date=October 8, 2006|work=Wired News|publisher=CondéNet|access-date=2008-10-09}}</ref> and in October, the [[National Telecommunications and Information Administration]] (NTIA) asked the public for comments.<ref>{{cite press release|title=Press Release: NTIA Seeks Public Comments for the Deployment of Security Technology Within the Internet Domain Name System|url=http://www.ntia.doc.gov/press/2008/DNSSEC_081009.html|date=October 9, 2008|publisher=National Telecommunications and Information Administration, U.S. Department of Commerce|access-date=2008-10-09|archive-date=2008-10-13|archive-url=https://web.archive.org/web/20081013070057/http://www.ntia.doc.gov/press/2008/DNSSEC_081009.html|url-status=dead}}</ref> It is unclear if the comments received affected the design of the final deployment plan.
On June 3, 2009, the [[National Institute of Standards and Technology]] (NIST) announced plans to sign the root by the end of 2009, in conjunction with ICANN, [[VeriSign]] and the NTIA.<ref name="NISTpr609">{{cite press release | url= https://www.nist.gov/public_affairs/releases/dnssec_060309.html | title= Commerce Department to Work with ICANN and VeriSign to Enhance the Security and Stability of the Internet's Domain Name and Addressing System | publisher= National Institute of Standards and Technology | date= 3 June 2009 | access-date= 13 July 2017 | archive-date= 29 June 2011 | archive-url= https://web.archive.org/web/20110629074556/http://www.nist.gov/public_affairs/releases/dnssec_060309.html | url-status= dead }}</ref>
On October 6, 2009, at the 59th [[RIPE]] Conference meeting, ICANN and VeriSign announced the planned deployment timeline for deploying DNSSEC within the root zone.<ref name="conf">{{cite web | title = DNSSEC for the Root Zone | url=http://www.ripe.net/ripe/meetings/ripe-59/presentations/abley-dnssec-root-zone.pdf}}</ref> At the meeting it was announced that it would be incrementally deployed to one root name server a month, starting on December 1, 2009, with the final root name server serving a DNSSEC signed zone on July 1, 2010, and the root zone will be signed with a RSA/SHA256 DNSKEY.<ref name="conf"/> During the incremental roll-out period the root zone will serve a ''Deliberately Unvalidatable Root Zone'' (DURZ) that uses dummy keys, with the final DNSKEY record not being distributed until July 1, 2010.<ref name="last-puzzle-pieces">{{Cite web | last= Hutchinson | first= James | title= ICANN, Verisign place last puzzle pieces in DNSSEC saga | work= NetworkWorld | url= http://www.networkworld.com/news/2010/050610-icann-verisign-place-last-puzzle.html?hpg1=bn | date= 6 May 2010 | access-date= 17 May 2010 | archive-date= 20 December 2013 | archive-url= https://web.archive.org/web/20131220202008/http://www.networkworld.com/news/2010/050610-icann-verisign-place-last-puzzle.html?hpg1=bn | url-status= dead }}</ref> This means the keys that were used to sign the zone use are deliberately unverifiable; the reason for this deployment was to monitor changes in traffic patterns caused by the larger responses to queries requesting DNSSEC resource records.
| |||