Back in February we announced the start of our production network trial of DNSSEC, a technology which adds security to DNS (the telephone book for the Internet). Since that time our trials have gone very well, and the pace of DNSSEC deployments world wide has steadily moved forward.
One key milestone for DNSSEC was the signing of the global DNS root zone on July 15th 2010. The DNS root zone is the top level of the DNS, and this signing was an important milestone in the adoption of DNSSEC. Back in April, ICANN who currently manages the root zone of the DNS system on the Internet, began selecting Trusted Community Representatives, or TCRs, to participate in their key signing ceremonies to generate the first ever DNS Root key that would be used in the signing. On June 16th the TCR selection was finalized and I was asked to participate in the first and second Key Signing Ceremony as a backup crypto officer. It was an honor to meet so many distinguished DNS representatives from around the world and participate in such a historic event. The ceremony was a very detailed and open process for generating the root key and took many hours to complete, but in the end the first DNSSEC key was created.
Here is a short video that ICANN created from the ceremony that covers how the ceremony worked and shows some of the “action” from that day:
With all this momentum, several key top-level domains have also announced recently they are ready to support DNSSEC. The first was .ORG. The other major top-level-domain was .EDU. As these large Domain registries start to support DNSSEC, it allows domain holders like Comcast to sign our domains and make them secure.
If you are interested in following our progress on our DNSSEC trials, take a look at our DNSSEC Information Center
Update 8/25/10: Added correct link to the Key Signing Ceremony.