In a letter agreeing to participate, ICANN recognizes the urgency surrounding the issue of electronically signing the Internet's "root zone" but stresses the need for this process to be interim.
"We've been working towards a signed root for more than three years. In fact, ICANN has operated a root zone signing test bed for more than two years. So ICANN is aware of the urgency around signing the root to enhance stability and security" Paul Twomey, President and CEO of ICANN said.
"ICANN has agreed to work with VeriSign and the Department of Commerce to first test, and then have production deployment of DNS Security Extensions (DNSSEC) as soon as feasible without prejudice to any proposals that may be made for long term signing processes" said Twomey.
"There will of course need to be consultations with the Internet technical community as the testing and implementation plans are developed" he added.
The NTIA asked for input from the Internet community in October 2008 on the issue of securing the top level of the domain name system (DNS) from vulnerabilities that threaten the accuracy and integrity of the DNS data. Vulnerabilities in the existing DNS have become easier to exploit to the extent that malicious parties may be able to distribute false DNS information, and to re-direct Internet users.
Details of the process are still being worked on but discussions between the Department of Commerce and VeriSign and ICANN have identified that VeriSign will manage and have operational responsibility for the Zone Signing Key in the interim arrangement, and that ICANN will manage the Key Signing Key process. ICANN will work closely with VeriSign regarding the operational and cryptographic issues involved.
"This is very important for the global community of Internet users. We will work closely with all participants on this crucial security initiative." Twomey said.
For more information on DNSSEC deployment, please visit: http://www.icann.org/en/announcements/dnssec-qaa-09oct08-en.htm.