taking introductory steps to implement DNSSEC (Domain Name System Security Extensions)... In order to make DNSSEC effective, there is one additional step that is needed -- "signing the root"." />

Home / Industry

On the Pressing Need for a Signed Root

Attacks on the security of the Internet have been much in the news lately, and there is an increased urgency to take the technical steps to combat these attacks. .ORG has been doing its part to lead this process by taking introductory steps to implement DNSSEC (Domain Name System Security Extensions). Using DNSSEC, domain name holders can protect the integrity of data in the Domain Name System by digitally signing their domains. In order to make DNSSEC effective, there is one additional step that is needed — "signing the root". If a digital signature is applied to the root of the Domain Name System, end-to-end assurance of the data is possible. Without a signature on the root, it is impossible to assure the validity of any of the other signatures in the system.

.ORG believes that the time has come to separate the technical matter of signing the root from the unrelated political row over who controls the content of the root, and the nature of the Department of Commerce's oversight of ICANN. There are serious threats to the security and stability of the Internet that DNSSEC will assist in addressing. The near unanimous opinions of the best technical minds are that first we sign the root, and then we take care of the political arguments.

.ORG supports the technical community on this critically important issue. We understand that IANA (the authoritative body that manages changes in the root zone file) has in fact been signing the root every morning for the past year, as a demonstration of technical feasibility, and as an aid to DNSSEC implementers. However, they've been prevented by NTIA from distributing the signed version. Since IANA has the capability, we strongly believe they should be allowed to proceed.

Written by David Maher, Senior Vice President, Law & Policy

About PIR

PIR

Public Interest Registry is a nonprofit corporation that operates the .org top-level domain – the world's third largest "generic" top-level domain with more than 10 million domain names registered worldwide. As an advocate for collaboration, safety and security on the Internet, Public Interest Registry's mission is to empower the global noncommercial community to use the Internet more effectively, and to take a leadership position among Internet stakeholders on policy and other issues relating to the domain naming system. Learn More

Related topics: DNS, DNS Security, Registry Services, ICANN, Security, Top-Level Domains

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

MarkMonitor Takes a Look at Progress on New gTLD Program in Latest Report

Priority Access Program for Verisign's First IDN New gTLD, .コム

Minds + Machines Group Expands Into Chinese Market

Dyn Weighs In On Whois

New .PET Domain Sunrise Period Begins January 19

Minds + Machines Adds .boston to geo-TLD Portfolio

.CO Hits 2 Million Domains as Premium Sales Surge

Season's Greetings - 2015 End of Year Message from DotConnectAfrica

Neustar's Career Site Launched Under Its Own Branded TLD: 'careers.neustar'

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Radix Closes Holiday Sales With Over 35K Paid Registrations

Another Tech Leader Joins .tech

Radix's .ONLINE Fastest to Sell 100,000 Domains

.PRO Domains Now Available to All

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Protect Your Privacy - Opt Out of Public DNS Data Collection

The ".law" Domain Gains Momentum Throughout the Legal Profession

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Sponsored Topics