Communications of the ACM
A New Web of Trust
A year after security researchers exposed a flaw in the Domain Name System (DNS), a permanent solution is finally being implemented. The DNSSEC protocol, which verifies DNS messages with digital signatures, is being implemented by the Public Interest Registry (PIR), which handles the .org domain. The U.S. government also plans to use DNSSEC for .gov domains, and the newly formed DNSSEC Industry Coalition is working to get the protocol deployed across more domains. DNSSEC was developed 14 years ago, but its adoption was delayed due to concerns that it was unnecessarily complex. PIR CEO Alexa Raad says many organizations responsible for domain names were not implementing DNSSEC because they would either be sending out credentials to servers that were not listening for authentication, or they would be listening for credentials that did not exist. PIR started implementing DNSSEC before the flaw was announced, Raad says, in an effort to set an example that would inspire other organizations to implement it. She says the debate has shifted from a discussion of whether DNSSEC is really necessary to how to deploy it. An increasing number of Web sites have implemented DNSSEC, and experts believe more sites and top domains will adopt the protocol. "With .gov and .org signed, there's finally a market for DNSSEC technology and services," says Internet Systems Consortium president Paul Vixie. "Now that some others are implementing DNSSEC, many others will want to be in the business of providing DNSSEC solutions, and that will in turn make it possible for a lot of fence-sitters to finally climb down and join us."
From Technology Review
View Full ArticleNo entries found