Discussions around DNSSEC are so often focused on the root, the attacks, what DNSSEC does and doesn't do and so on — and these are all valid and important points. But there is far less attention focused on the opportunities that will surface from an authenticated internet.
Before I jump into the opportunities, first let's go through some DNS basics.
At the heart of the Internet's web service is the domain naming system, referred to as the "DNS". The domain naming system or DNS is like a phone book. Working with that analogy, let's say you decide that you want to call "Lauren's Lollipop Shop", but you don't know the number. You grab the phone book and, using the name, you get the phone number, and then you make the call.
The DNS works in much the same way. You know the name of website "lollipopshop.org", but you don't know the "number" (in computer-speak, this would be the IP address). When you type in www.lollipopshop.org, the phone book (the DNS) provides the lookup, and then your computer "dials the number" by going to the website.
The current problem with the DNS is that when it looks up a "number" for you, a group of bad guys can insert a different phone number into the phone book, one which pretends to be "Lauren's Lollipop Shop". When the bad guys answer the phone you assume it's the lollipop shop and give your critical information, such as your credit card information, to order 10,000 lollipops.
DNSSEC is a security measure that can help mitigate this risk known as domain hijacking also known as man in the middle attacks. DNSSEC digitally signs answers to DNS lookups using public-key cryptography. With DNSSEC in place, the bad guys can't lead you astray, because you won't be misdirected by them.
Now let's ask ourselves, what opportunities can surface when DNSSEC is deployed industry wide? DNSSEC is becoming more of a reality now — rather than a technical discussion which has been stuck in the mud for 15 years. We can now begin to think about new opportunities to build from a secure DNS, opportunities that build on the certainty that you have arrived at the correct website. Today, you can't be sure.
Will you be able to fully trust SSL and VPNs? Today, they cannot be trusted with certainty. SSL and VPN are past the point — they check to make sure that the website is real once you've already gotten there. DNSSEC ensures you get to the right place.
Let's look at some opportunities for the technologies we use today:
What are all the real world applications that can benefit?
Ideas that come to mind are: healthcare records online; trusted online financial transactions; more efficient ways to communicate and conduct commerce, government and social interactions. What new applications can be built with this new landscape? Are there cost savings on the horizon which would curtail our current mind-boggling spend on online security? What else?
Considering the enormous amounts of private and critical data that is kept online, you want to be 100% certain of who is at the "other end of the line" — or in between for that matter. Today you cannot be certain, but with DNSSEC, you can gain a better level of trust. Let's now focus on the opportunities and the new wave of secure applications that can be built on an authenticated internet and a stronger more reliable DNS.
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Neustar DNS Services
Minds + Machines
Neustar DDoS Protection