On July 28th DNSSEC took center stage at the 2010 Black Hat Conference in Las Vegas. Two years ago, at the same conference, Dan Kaminsky unveiled the infamous DNS bug that many believe became a major catalyst for DNSSEC implementation. To kick things off, Jeff Moss — founder of Black Hat — in his opening speech called out the fact that "we have not solved any fundamental problems" and noted that the technical community must catch up. Providing countless band-aids for major issues is not acceptable when working towards a safe and secure internet for all. Roughly four hours later Rod Beckstrom declared to a packed room of reporters that "DNSSEC is the biggest structural improvement in the Internet in 20 years, specifically, since the introduction of the world wide web." Clearly, DNSSEC is not a band-aid fix.
Now that the root is in production with DNSSEC, Kaminsky sees new and exciting possibilities in the areas of online security, beyond addressing man in the middle attacks. He believes full scale adoption could thwart a variety of threats. "We've been looking at how DNSSEC is going to address not only DNS vulnerabilities, but some of the core vulnerabilities we have in security," Kaminsky said during a Black Hat interview. "We're not going to solve all of those problems with DNSSEC, but there's an entire class of authentication vulnerabilities that DNSSEC does address." One example he cited was secured emails. Basically, Dan Kaminsky wants to know that an email from his bank actually came from his bank. The Internet may be 25 years old, but DNSSEC is only been in full production at the root for mere weeks, so the possibilities are endless.
Later that day, Dan Kaminsky gave a talk on the Black Ops of Fundamental Defense, where he dispelled the notion that deploying DNSSEC is difficult, costly, and time-consuming, by signing a .ORG site end-to-end with DNSSEC in less than two minutes. DNSSEC, as we know it today, took eighteen years to make it into production. It may not be perfect, and certainly a lot harder to develop and implement than the two minutes it took for Kaminsky to deploy it, but for one day it was the toast of the town, and a much deserved one at that — especially for the folks at IETF who worked on it since day one. Cheers!
By Lauren Price, Sr. Product Marketing Manager, .ORG, The Public Interest Registry. Lauren Price also contributes to the .Org weblog located here.
Related topics: DNS, DNS Security, Security
To post comments, please login or create an account.
DNSSponsored byNeustar UltraDNS | |
Top-Level DomainsSponsored byMinds + Machines | |
MobileSponsored bydotMobi | |
DNS SecuritySponsored byAfilias | |
IPv6Sponsored byNominum | |
SecuritySponsored byVerisign |
