Ever have one of those weeks where you leave on a business trip and when you return, you’re surprised at all the changes? Traffic has been rerouted through the airport, that empty storefront on the main drag is now a new restaurant, the neighbors have a new puppy?
It happens to me all the time. I walk through the front door and Paige updates me on the store openings and closings, homes newly for sale, neighborhood and school crises.
I generally enjoy the update, because most of the changes seem like progress.
This week, the changes didn’t wait until I got home. I left for Dallas on Monday, and by Tuesday the Public Interest Registry announced that they’d signed the .org zone on an experimental basis. Theirs is the first “open” generic top-level domain to be signed, as well as the largest signed zone. That’s obviously great if you run a subdomain of .org and are keen to sign it, but it’s even good for folks with subdomains of other gTLDs, since it’ll put pressure on their registries to sign those zones, too.
Then on Wednesday, the National Telecommunications and Information Administration, or NTIA, part of the U.S. Department of Commerce that has responsibility for oversight of the root zone, announced that they’d work with ICANN and VeriSign to sign the root by the end of the year. Here’s the most significant part of that announcement:
The parties are working on an interim approach to deployment, by yearsend, of a security technology — Domain Name System Security Extensions(DNSSEC) — at the authoritative root zone (i.e., the address book) ofthe Internet.Notwithstanding the tortured Federalese and its vagueness, this is good news. While it’s still unclear who will manage the root zone and when the DNSSEC deployment will move to production, at least there’s evidence progress is being made, including a timetable for the trial.
Dan Goodin of The Register, who tipped me off to the NTIA announcement, has a few more details in this article.
The signing of the root zone is particularly critical to widespread adoption of DNSSEC because, once the root is signed, administrators need only add the root’s public key to their name servers’ configurations to enable validation of data in most signed zones. Today, you need to hardcode public keys for each signed top-level domain – about eight of them – to validate their data.
That’s a huge amount of progress for a single week – particularly relative to the DNSSEC doldrums we’ve been stuck in recently. And I’m traveling for the next three weeks, so who knows what further progress we’ll see by the time I’m back!