Home / Industry

On the Pressing Need for a Signed Root

Attacks on the security of the Internet have been much in the news lately, and there is an increased urgency to take the technical steps to combat these attacks. .ORG has been doing its part to lead this process by taking introductory steps to implement DNSSEC (Domain Name System Security Extensions). Using DNSSEC, domain name holders can protect the integrity of data in the Domain Name System by digitally signing their domains. In order to make DNSSEC effective, there is one additional step that is needed — "signing the root". If a digital signature is applied to the root of the Domain Name System, end-to-end assurance of the data is possible. Without a signature on the root, it is impossible to assure the validity of any of the other signatures in the system.

.ORG believes that the time has come to separate the technical matter of signing the root from the unrelated political row over who controls the content of the root, and the nature of the Department of Commerce's oversight of ICANN. There are serious threats to the security and stability of the Internet that DNSSEC will assist in addressing. The near unanimous opinions of the best technical minds are that first we sign the root, and then we take care of the political arguments.

.ORG supports the technical community on this critically important issue. We understand that IANA (the authoritative body that manages changes in the root zone file) has in fact been signing the root every morning for the past year, as a demonstration of technical feasibility, and as an aid to DNSSEC implementers. However, they've been prevented by NTIA from distributing the signed version. Since IANA has the capability, we strongly believe they should be allowed to proceed.

Written by David Maher, Senior Vice President, Law & Policy

About PIR

PIR

Trusted across all ages, backgrounds and nationalities, .ORG is where people turn to find credible information, get involved, fund causes and support advocacy. .ORG, The Public Interest Registry empowers the global noncommercial community to use the Internet more effectively and, concurrently, takes a leadership position among Internet stakeholders on policy and related issues on behalf of the .ORG Community. (Learn More)

Related topics: DNS, DNS Security, Registry Services, ICANN, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

General Availability Period for New .RED Top-Level Domain Opens

General Availability Period for New .BLUE Top-Level Domain Opens

General Availability Period for New .PINK Top-Level Domain Opens

New Chinese "Mobile" Top-Level Domain Now Available

New .KIM Domain Goes Live

Welcome .SHIKSHA! General Availability Now Open

Adrian Kinderis Appointed as Chair of Domain Name Association

Internet Reaches 271 Million Domain Names in the Fourth Quarter of 2013

Why We Decided to Stop Offering Free Accounts

The Future of Chinese Domain Names (a Panel Discussion)

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

Tony Kirsch Announced As Head of Global Consulting of ARI Registry Services

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Afilias Chairman Appointed to Domain Name Association Board

.BUILD Enters Landrush with Support of ARI Registry Services

Dyn Acquires Managed DNS Provider Nettica

Radix Awards Contracts for .website, .host, .space, and .press to CentralNic plc

DotConnectAfrica Statement Regarding NTIA's Intent to Transition Key Internet Domain Name Function

Afilias Welcomes "Dot Chinese Online" and "Dot Chinese Website" Top-Level Domains to the Internet

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Sponsored Topics