Home / Blogs

DNSSEC Taking Center Stage at 2010 Black Hat

Lauren Price

On July 28th DNSSEC took center stage at the 2010 Black Hat Conference in Las Vegas. Two years ago, at the same conference, Dan Kaminsky unveiled the infamous DNS bug that many believe became a major catalyst for DNSSEC implementation. To kick things off, Jeff Moss — founder of Black Hat — in his opening speech called out the fact that "we have not solved any fundamental problems" and noted that the technical community must catch up. Providing countless band-aids for major issues is not acceptable when working towards a safe and secure internet for all. Roughly four hours later Rod Beckstrom declared to a packed room of reporters that "DNSSEC is the biggest structural improvement in the Internet in 20 years, specifically, since the introduction of the world wide web." Clearly, DNSSEC is not a band-aid fix.

Now that the root is in production with DNSSEC, Kaminsky sees new and exciting possibilities in the areas of online security, beyond addressing man in the middle attacks. He believes full scale adoption could thwart a variety of threats. "We've been looking at how DNSSEC is going to address not only DNS vulnerabilities, but some of the core vulnerabilities we have in security," Kaminsky said during a Black Hat interview. "We're not going to solve all of those problems with DNSSEC, but there's an entire class of authentication vulnerabilities that DNSSEC does address." One example he cited was secured emails. Basically, Dan Kaminsky wants to know that an email from his bank actually came from his bank. The Internet may be 25 years old, but DNSSEC is only been in full production at the root for mere weeks, so the possibilities are endless.

Later that day, Dan Kaminsky gave a talk on the Black Ops of Fundamental Defense, where he dispelled the notion that deploying DNSSEC is difficult, costly, and time-consuming, by signing a .ORG site end-to-end with DNSSEC in less than two minutes. DNSSEC, as we know it today, took eighteen years to make it into production. It may not be perfect, and certainly a lot harder to develop and implement than the two minutes it took for Kaminsky to deploy it, but for one day it was the toast of the town, and a much deserved one at that — especially for the folks at IETF who worked on it since day one. Cheers!

By Lauren Price, Sr. Product Marketing Manager, .ORG, The Public Interest Registry – Lauren Price also contributes to the .Org weblog located hereVisit Page
Follow CircleID on
Related topics: Cybersecurity, DNS, DNS Security
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign