Skip to main content
Resources

互联网地址系统密钥更换——请勿被锁定!

加州洛杉矶…互联网名称与数字地址分配机构 (Internet Corporation for Assigned Names and Numbers, ICANN) 将首次更换维护互联网域名系统 (Domain Name System, DNS) 安全的加密密钥。

ICANN 首席技术官戴维·康纳德 (David Conrad) 表示:"关键的是,全球的互联网服务提供商和网络运营商均应确保已对密钥更换做好了准备。否则,他们的用户将无法查询域名,无法登录任何一个互联网网站。"他还指出:"网络运营商应当确保他们拥有最新软件、已经部署了域名系统安全扩展 (DNSSEC)、并已经验证了其系统能够自动更换密钥,或已经制定了一套流程在世界协调时 2017 年 10 月 11 日 16:00 时以前手动更换至新的密钥。"

密钥的更换,又称"轮转",是维护全球 DNS 安全与稳定的重要环节。这与人们普遍接受的运营操作十分类似,即确保重要的安全基础设施能够在必要时支持密码更替一样。

康纳德指出:"我们已经启动了一个测试平台,确保网络运营商能够确定他们已经在 10 月 11 日前对密钥轮转做好了充分准备"该测试平台的链接为:https://go.icann.org/KSKtest。互联网用户应当联系其互联网服务提供商或网络运营商,确保他们已经对密钥更替做好了准备。

ICANN 一直以来都在与地区互联网注册管理机构、网络运营商团体、域名注册管理机构和注册服务机构、以及互联网生态系统中的其他成员(例如互联网协会和互联网贸易协会)展开合作,确保全球可能受到密钥轮转影响的相关方均已知晓即将发生的变化。

ICANN 首席执行官马跃然 (Göran Marby) 也已向超过 170 位政府官员(包括 ICANN 政府咨询委员会 (Government Advisory Committee) 中的监管人员和参与人)致函,请求他们要求位于各自国家内的网络运营商了解密钥更替事宜并做好准备。

如需了解更多有关即将发生的密钥轮转的信息,请点击此处:https://www.icann.org/kskroll

请使用 #KeyRoll 参与推特网 (Twitter) 上的讨论。

# # #

媒体联系人

布拉德·怀特 (Brad White)
北美传播主管
华盛顿哥伦比亚特区
电话:+1 202 570 7118
电子邮件:brad.white@icann.org

亚历山大·丹斯 (Alexandra Dans) 拉丁美洲和加勒比海地区传播高级经理
乌拉圭蒙得维的亚
电话:+598 95 831 442
电子邮件:alexandra.dans@icann.org

ICANN 简介

ICANN 的使命在于确保全球互联网的稳定、安全与统一。在互联网上寻找另一个人的信息,您必须在您的电脑中键入一个地址——可以是一个名称或是一串数字。这一地址必须是独一无二的,只有这样电脑之间才能互相识别。ICANN 则负责协调并支持这些分布在全球各地的唯一标识符。ICANN 成立于 1998 年,是一家非营利公益型企业,其社群成员遍布全球各地。ICANN 及其社群致力于确保互联网的安全性、稳定性和互用性。它还负责促进互联网域名系统顶级域之间的竞争,制定相关政策,并促进其他互联网唯一标识符的使用。如需了解更多信息,请参见:www.icann.org

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."