The US Department of Homeland Security (DHS) wants to have the key to sign the DNS root zone solidly in the hands of the US government.
This ultimate master key would then allow authorities to track DNS Security Extensions (DNSSec) all the way back to the servers that represent the name system’s root zone on the Internet. The “key-signing key” signs the zone key, which is held by VeriSign.
At the meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) in Lisbon, Bernard Turcotte, president of the Canadian Internet Registration Authority (CIRA) drew everyone’s attention to this proposal as a representative of the national top-level domain registries (ccTLDs).
At the ICANN meeting, Turcotte said that the managers of country registries were concerned about this proposal.
When contacted by heise online, Turcotte said that the national registries had informed their governmental representatives about the DHS’s plans. A representative of the EU Commission said that the matter is being discussed with EU member states.
DNSSec is seen as a necessary measure to keep the growing number of manipulations on the net under control.