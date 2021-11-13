This information is collected in the ICANN database , and if someone managed to access it, they could make, when we type Google .com in the browser, take us to another website. Would be the ultimate phishing attack , since all users in the world who access Google or any other website, could be redirected to false websites to impersonate that identity, and be able to obtain all the access credentials of the users.

ICANN is the association dedicated to preserving stability on the Internet and assigning IP addresses. The association coordinates the system of DNS worldwide , which is responsible for resolving the addresses that, for example, we write in browsers. Each website is assigned an IP address, and ICANN is the one who has the root key that allows translate a url to the correct IP .

In recent years you will have seen various articles in which it is said that there are seven internet keys in the hands of fourteen people. These people gather every three months In the call Key Signing Ceremony to update and verify the keys. Those keys are what allow access to the ICANN database .

The cryptographic keys are stored in two separate facilities more than 4,000 kilometers apart on each coast of the United States. They also have several layers of security to protect information, including cameras, guards, guarded cells, and safes. The last layer of security is a Hardware Security Module (HSM), which is what stores the keys. If someone tries to open the device, or drops it, the HSM will erase all keys to prevent them from falling into the wrong hands. Each installation of the has two HSMs.

The ceremonies are 100% safe

Also, root keys cannot be used outside of the HSM. To operate this system, it is required that there be a multitude of ICANN members and other members of the technical community, called Trusted Community Representatives. With all of them present, the HSM can be activated.

In the event that all HSM failed at the same time, ICANN has a backup which could be activated in a new HSM, also with the presence of all the members. Each of the members receives a physical key, either a traditional metal one, or a smart card, which are used in the ceremony.

The type of key received depends on the designation of each one, where some are selected as «Cryptographic Officers»And activate HSMs in routine ceremonies. Others are designated as «Recovery Key Share Holders«, And they only use it when it needs to be backed up. In 2020, for example, one of the meetings was delayed because one of the HSMs had failed.

In no case do these keys contain the ICANN keys, but there are others that allow access to them. Thus, only by having them all is it possible to access those keys, which can only happen in a scheduled meeting.

Therefore, the review mechanism of ICANN keys continues to be used. However, a security breach in it would not imply the end of the Internet or that one person could control the entire Internet, but it would imply a huge generalized chaos until it was resolved.