In 2009, .ORG became the first generic top-level domain to deploy DNSSEC. In the eleven years that have followed, the world has learned a lot about cryptography and the DNS in general, and about DNSSEC specifically. Maintenance is an important part of any operational technology, and some of the deployment choices that were right in 2009 can be improved upon in 2020.
We came up with a laundry list of things we could change and improve. However, the list we came up with started to look too long to tackle in a world where the ability to travel to data centers has become unpredictable, and in a year which really demands small, conservative changes over more ambitious adventures. So, we scaled things back a bit. We will get through the whole list, but not all this year.
A couple of weeks ago, our technology partner, Afilias, started executing a plan that we’ve been discussing in public technical forums for the past several months. By the time the plan is complete, we will have made small but important changes in the way that DNSSEC is deployed in .ORG, including the replacement of a particular cryptographic algorithm known as “SHA-1” which, while not obsolete, has definitely been found to be less secure than was thought a decade ago. Every .ORG domain name will benefit from the changes we are making.
As we go through our list, we will share the technical details of the changes with our counterparts at other organizations, because that’s how the Internet works best. We’re also collecting operational data that we can use to better understand the DNS and its reaction to the technical changes we are making. We hope that our fellow research partners in academia will work with us to investigate any interesting new phenomena that come to light.
The first changes have already been made; there are more changes to follow. By sharing our plans widely and being as open as we can about the work we are doing, we’re doing our very best to make sure that nobody notices. The time invested this year will make further improvements easier to implement in the future; just like my backyard, there’s always more work to do.