Analysis: Owning the Keys to the Internet

  • Question

  • The U.S. government is moving ahead with its plans to create a new security system for the Domain Name System (DNS), despite concerns from international Internet management companies. The DNS directs Internet users to the sites they want to visit by translating URLs into numerical Internet Protocol (IP) addresses, but because the DNS was built with a relatively open structure, criminals can use techniques known as DNS "spoofing" or "poisoning" to create duplicate Web sites to steal information from users who think they are logging on to their bank or email accounts. The DNS Security Extensions Protocol (DNSSec) is intended to create instantaneous authentication of DNS information, eliminating the opportunity for DNS abuse and essentially creating a series of digital keys for the system. The question that many groups are asking is who should control the key for the DNS Root Zone, the part of the system that is above top-level domains such as .com and .org. The U.S. Department of Homeland Security, which is funding the development of a technical plan for implementing DNSSec, issued an initial draft in October that essentially narrowed potential Root Zone Key operators down to a government agency or a private contractor, though no specific organizations were listed. A new version of the draft specification for the DNSSec plan that incorporates input from experts could be ready by the end of this summer, says Douglas Maughan of the Department of Homeland Security's Science and Technology Directorate. Canadian Internet Registration Authority President Bernard Turcotte and others are concerned the U.S. would unilaterally implement DNSSec. "We want to ensure that whatever measures are implemented are well coordinated," Turcotte says. Maughan says the U.S. government is committed to using DNSSec within the .gov domain, but he says "it will take a lot more people to get involved" to globally deploy DNSSec.
    Wednesday, April 18, 2007 7:41 AM

Answers