ICANN manages one of the 13 DNS root server clusters, so it will be able to detect if there are any problems with the new keys or configuration problems with DNSSec.
Though introduced in 2010, DNSSec adoption has been slow, and there is disagreement among experts over its effectiveness. Even so, Vixie notes there has been steady growth, especially with the increase in DNS-based attacks in recent years.
It's worth noting that ICANN wasn't being negligent for not changing the key signing key earlier. When DNSSec was first introduced, the agreement was that the rollover should occur around every five years. The stakeholders involved in the decision picked that time span because they felt that a rollover should not be rushed, Vixie says. The next rollover after this one is expected in 2022.
DNSSec's job isn't to encrypt data on the site or in transit, but to ensure users end up on the sites they're expecting to visit. ICANN and its partner root zone administrators are making sure that internet users will continue to be able to rely on DNS for the foreseeable future.
Sign up for CIO Asia eNewsletters.