Skip to main content
Resources

Changing the Keys for the Internet’s Addressing System – Don’t Get Locked Out

Los Angeles, California… For the first time ever, the Internet Corporation for Assigned Names and Numbers (ICANN) is about to change the cryptographic keys that help secure the Internet's Domain Name System (DNS).

"It is critical that Internet Service Providers and network operators around the world make certain they are ready for this change as failure to do so can result in their users being unable to look up domain names and thus be unable to reach any site on the Internet" said David Conrad, ICANN's Chief Technology Officer. Conrad added, "Network operators should ensure they have up-to-date software, have enabled DNSSEC, and verified that their systems can update their keys automatically or they have processes in place to manually update to the new key by 1600 UTC on 11 October 2017."

The changing, or "rolling" of the key, is an important step in keeping the global DNS safe and secure. It is very much in line with commonly accepted operational practices that ensure that important security infrastructure can support changing password if the need were to ever arise.

"We've launched a testing platform so network operators can make certain that they are ready for the key roll well ahead of October 11," said Conrad. That testing platform can be accessed at: https://go.icann.org/KSKtest. Internet users should contact their ISP or network operators to make certain they are ready for the key change.

ICANN has been working with technical partners such as the Regional Internet Registries, Network Operations Groups, and domain name registries and registrars as well as others in the Internet ecosystem, such as the Internet Society and Internet trade associations, to make certain that those around the world who may be impacted by the key roll are aware of the pending change.

ICANN Chief Executive Officer Göran Marby has sent correspondence to more than 170 government officials including regulators and participants in ICANN's Government Advisory Committee, asking that they make certain the network operators in their respective countries are aware and ready for the key change.

To learn more about the pending Key Roll, go here: https://www.icann.org/kskroll.

To join the conversation on Twitter use #KeyRoll.

# # #

Media Contacts

Brad White
Director of Communications, North America
Washington, D.C.
Tel: +1 202 570 7118
Email: brad.white@icann.org

Alexandra Dans
Senior Manager, Latin America and Caribbean Communications
Montevideo, Uruguay
Tel: +598 95 831 442
Email: alexandra.dans@icann.org

About ICANN

ICANN's mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you have to type an address into your computer - a name or a number. That address has to be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation and a community with participants from all over the world. ICANN and its community help keep the Internet secure, stable and interoperable. It also promotes competition and develops policy for the top-level of the Internet's naming system and facilitates the use of other unique Internet identifiers. For more information please visit: www.icann.org.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."