Skip to main content

首轮根区密钥签名密钥 (KSK) 轮转圆满结束

洛杉矶——2018 年 10 月 15 日——互联网名称与数字地址分配机构 (ICANN) 现已认定为保护域名系统 (DNS) 所进行的首轮根区密钥更替工作现已圆满完成,对全球互联网所带来的影响微乎其微。这标志着自 2010 年启用密钥以来,首次对密钥进行了变更。

根据现有数据进行的评估表明,目前没有大量互联网终端用户因密钥变更而持续受到负面干扰。

在此过程中遇到的少量问题都已得到迅速解决,并未出现(按照 ICANN 社群的界定)接近"取消轮转"临界值的系统性故障。鉴于此,新密钥签名密钥,即 KSK 2017 的轮转工作现已圆满完成。

目前无迹象表明我们需要退出轮转,且 ICANN 也已启动轮转流程的后续工作:在 2019 年第一季度的密钥签名仪式上废除旧 KSK,即 KSK 2010。

"根区密钥轮转所需的基础设施的成功执行表明,在全球范围内更新密钥是可行的,"ICANN 首席技术官戴维·康纳德 (David Conrad) 表明。"此举也将为后续密钥轮转工作提供重要参考。"

ICANN 总裁兼首席执行官马跃然 (Göran Marby) 在审查了 ICANN 和其他相关方(特别是 DNS 技术社群)的工作成果后最终决定执行根区密钥签名密钥 (KSK) 的轮转工作。取得这样的成就取决于大规模的全球外展工作、与 ICANN 社群展开的协商和对现有数据进行的大量分析。

获得最终批准后,ICANN 执行了 ICANN 董事会于 2018 年 9 月 16 日批准的决议。本决议表明该机构应当按照修订后的方案,于 2018 年 10 月 11 日执行密钥变更或"轮转"。

如需了解更多有关根区 KSK 轮转的信息,请访问专属主要信息获取页面: http://www.icann.org/kskroll

ICANN 简介

ICANN 的使命在于确保全球互联网的稳定、安全与统一。在互联网上寻找另一个人的信息,您必须在您的电脑或其他设备中键入一个地址——可以是一个名称或是一串数字。这一地址必须是独一无二的,只有这样电脑之间才能互相识别。ICANN 则负责协调并支持这些分布在全球各地的唯一标识符。ICANN 成立于 1998 年,是一家非营利公益型企业,其社群成员遍布全球各地。


More Announcements
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."