The following post is based on a recent discussion .ORG had with Dan Kaminsky, a DNS expert best know for discovering a serious DNS bug (Website, CircleID Profile), about DNSSEC and how it is a critical step toward bolstering Internet security.
The problem, he said, largely stems from the fact that the Internet is more malleable than we'd like to admit...We need a universal identity system for the web, a universal place for people to put trusted information..." DNSSEC itself, which Dan referred to as a "technical issue that affect(s) the stability of the Internet," is a link in a much longer chain of processes, ending with the signing of the root, that will lead to enhanced security within Internet domains. As Dan mentioned in his comments supporting the implementation of DNSSEC, "Now, we're using the Internet to run our businesses. It should be the case that this bug doesn't matter; it should be the case that everyone has securely encrypted email and SSL certificates. Those are things that "should be," but it's not the way things really are..."
To this end, .ORG has been taking the first steps to create a more secured Internet for the .ORG community in order for them to pursue their business goals and impact the greater good without possible threats. Dan agrees, however, that the signing of the root is the essential next step in order to make DNSSEC a full reality. "There are established business relationships up and down the registrar/registry network...we need to leverage those relationships...once the root is signed and the top level domains are signed."
.ORG is the first gTLD to begin what Dan referred to as "the journey of a thousand miles," the process of implementing DNSSEC, and in so doing is working to move toward increased Internet security.
A recent article in Internet News that ran on September 26, 2008 by Sean Kerner entitled ".ORG - The Most Secure Domain? With a new effort for DNSSEC underway, security is front and center at the Public Interest Registry”, continues the dialogue and notes .ORG's iterative approach to the implementation of DNSSEC that includes the setting of key goals throughout the process based on a beta test phase called "Friends & Family".
Have you thought about how DNSSEC relates to you? Help us understand your needs to address this security vulnerability.
Public Interest Registry is a nonprofit corporation that operates the .org top-level domain – the world's third largest "generic" top-level domain with more than 10 million domain names registered worldwide. As an advocate for collaboration, safety and security on the Internet, Public Interest Registry's mission is to empower the global noncommercial community to use the Internet more effectively, and to take a leadership position among Internet stakeholders on policy and other issues relating to the domain naming system. (Learn More)
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DNS Services
Minds + Machines
Neustar DDoS Protection