The security protocols that govern the way web addresses are handled on the internet are to be changed in a move that could, if ignored by website operators and ISPs, cause major problems for web users.
The changes won’t take place for another year or so, but the Internet Corporation for Assigned Names and Numbers (ICANN) will use this time to make everyone aware of the situation and to avoid any dramas.
ICANN explained that the changes relate to the DNSSEC system used to ensure that when people try to reach a specific website, the system cannot be hijacked to redirect to a different, possibly malicious, website.
The keys used to protect this system are usually renewed every three months as part of the Zone Signing Key (ZSK) protocol that applies to the end of URLs, such as .com, .co.uk and so on.
As long as the firms providing access to the web have the right keys in their network, the system can ensure that people aiming to find a certain website are sent to the right place by checking it against this key.
This in turn is checked against the top-level Key Signing Key (KSK) that validates the ZSK. This is rarely changed but ICANN is now going to update it.
“You can’t keep a cryptographic key forever. It’s not good cyber hygiene. It’s like a password. You should change it regularly,” Matt Larson, vice president of research for the CTO office at ICANN, told V3.
The change isn’t happening overnight. 'Key holders’ at ICANN will meet in October this year, and in February and October next year, to finalise the changes.
“We want a smooth and conservative process to change the key under controlled, normal circumstances, rather than finding it has been compromised, and having to rush it,” said Larson.
Once the new keys have been generated, web operators, such as ISPs, will need to update their systems with the new key so that when a user attempts to visit a website it can validate it against the new KSK.
ICANN hopes that by constantly updating the web world on its progress no-one will be unaware of what needs to be done.
Companies that fail to update their systems with the new key will find that attempts to access their websites will fail.
Just spent a year working on them? Too bad, Intel's lost interest
Sony factory in Wales now making 100,000 Raspberry Pis every week
38-year-old Alexander Vinnik faces up to 55 years in jail
Threadripper also available from today if you want a lot more power - but you'll have to wait for the motherboards to appear