Skip to main content

继续执行密钥签名秘钥 (KSK) 轮转拟定计划现已公布

现正式开放一轮 ICANN 公共评议期,针对执行 KSK 轮转的拟定计划 [PDF, 93 KB] 搜集社群意见。这轮评议期的截止时间为 2018 年 4 月 1 日,我们诚挚地鼓励大家踊跃提出建议和意见。

本计划呼吁在 2018 年 10 月 11 日进行根区 KSK 轮转(即比原定计划晚了一年),并继续加强外展工作,尽可能多地通知解析器运营商,与此同时发布更多对 RFC 8145 信任锚报告数据的观察意见。本计划还纳入了其他细节内容。

此外,我们正计划在 ICANN61 波多黎各会议上召开一场会议,进一步讨论这项计划,获取更多反馈意见。

去年 12 月末,ICANN 组织宣布了继续执行根区 KSK 轮转计划的后续步骤,而这份拟定计划则在上述声明发布之后而推出。我们介绍了我们如何查找那些并未对轮转做好准备的 DNS 解析器运营商们。

通过使用 RFC 8145 中描述的一项协议,问题解析器均向根服务器发送了报告,其中的一项信任锚配置表明这类解析器目前只能使用当前的 KSK(即:KSK-2010),而没有使用新的 KSK(即:KSK-2017)。

在 12 月份的声明中,我们详细介绍了在联系运营商的过程中所遇到的困难,并指出当我们联系到了运营商后,我们又了解到导致这些解析器无法正确配置的原因又有很多。

在 12 月份的声明中,我们详细介绍了在联系运营商的过程中所遇到的困难,并指出当我们联系到了运营商后,我们又了解到导致这些解析器无法正确配置的原因又有很多。

且这些发现结果并不能够澄清该采取怎样的后续措施来解决具体问题,也无法为发送适当讯息而提供指导。面对这种情况,我们宣布将针对执行根区 KSK 轮转的可接受标准一题征询社群意见。

自 12 月发布声明以来,社群内部感兴趣的成员们已经进行了广泛深入地讨论。讨论认为,尽管有人相信未来 KSK 进行轮转时会有更好的衡量方案,但目前却并没有方法准确衡量可能受到根区 KSK 轮转影响的用户数量。

因而,讨论达成共识,认为 ICANN 组织应当及时执行根区 KSK 轮转,并继续开展外展工作,确保轮转的消息能够尽可能地覆盖更多的人群。

我们期待着能与 ICANN 社群继续合作,执行根区 KSK 轮转。

Comments

    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."