By Juxhina Malaj, Marketing and Communication Coordinator at Silvae Technologies

Secure data center in Culpeppper, VA - location of first DNSSEC key signing ceremony

Have you ever wondered who controls the internet and how? According to an article published by Business Insider UK, ‘the internet is controlled by 14 people who hold 7 secret keys.’ Seven of them are the key holders, while the other seven are the backup key holders. By sharing the control among 14 people, the Internet Corporation for Assigned Names and Numbers (ICANN) can make the database even more secured and if anything unexpected happens, ICANN can rebuild the database at anytime.  

The seven keys that control the internet are actually physical keys. In fact there is a key ceremony called Domain Name System Security Extensions (DNSSEC) organized by ICANN. Every key ceremony involves the staff of ICANN and 14 volunteers who are known as Trusted Community Representatives (TCRs) according to ICANN official website.

“Each TCR is a respected member of the technical Domain Name System (DNS) community in their home country. They are also unaffiliated to ICANN, VeriSign or the US Department of Commerce, and have been assigned a separate key management role within the ceremony. The involvement of these independent participants provides transparency of process -- a successful key ceremony is only possible if the TCRs involved are satisfied that all steps were executed accurately and correctly.”

The very first DNSSEC key ceremony took place on June 16, 2010 in Culpeper, VA. The location of the key ceremony is a high security data center outside of Washington, DC. The purpose of the first ceremony was to generate and securely store the first cryptographic digital key. Security and transparency are the top priorities of the key ceremony because they assure the whole internet community that any procedures and signatures are made from trusted people that attend the ceremony.

The second key ceremony within the year 2010 was held in Los Angeles in early July. ICANN has decided to have two separate locations for the key ceremony in case an unexpected disaster happens to one of the locations. By having two completely separate facilities, ICANN can make sure that the key ceremony will continue to happen no matter what happens. There are four scheduled key ceremonies that happen each year, two ceremonies per each location scheduled at two different times per year.

In 2014, the special projects editor of the Guardian, James Ball was present at one of the key ceremonies and was able to experience the high secured ritual of the ceremony where the new master key used to access ICANN database was generated.  “The physical keys unlock safe deposit boxes stashed around the world. Inside those boxes are smart key cards. Put the seven smartcards together and you have the master key,” according to an article by Julie Bort.

 James Ball reported that in order to enter the ritual room, every person invited to attend the key ceremony had to pass through numerous locked doors by using a combination of hand scanners and key codes.