Where has DNSSEC been successful? What are some current statistics about DNSSEC deployment? What are examples of innovations that are happening with DNSSEC and DANE? All of these questions will be discussed at the DNSSEC Workshop at ICANN 53 in Buenos Aires happening on Wednesday, June 24, 2015, from 09:00 – 15:15 Argentina time (UTC-3). You can watch and listen to the session live. more
DNSSEC is a mechanism where clients can verify the authenticity of the answers they receive from servers. There are two sides here. The server must supply signed answers, and the client must verify the signatures on those answers. The validation/verification side is widely implemented, but there are very few signed zones... However, if no one signs their zones, those validating resolvers don't have many signatures to check. more
For the last couple of years, the most common attack vector against the DNS system is the attack against the registrar. Either the attack is on the software itself using weaknesses in the code that could inject DNS changes into the TLD registry, or social engineering the registrar support systems and the attacker receives credentials that in turn allows the attacker to perform malicious changes in DNS. DNSSEC is the common security mechanism that protects the DNS protocol, but by using the registrar attack, any changes will result in a proper working DNS delegation. more
News flash: to help fight California's drought, Samsung is offering a $100,000 prize to the innovator who creates "the most effective use of IoT and ARTIK [Samsung's IoT platform] technology for reducing water consumption by individuals or municipalities." When the average reader of this news headline needs no explanation of what "IoT" means or what this contest is about, we know IoT, or the Internet of Things, is for real. There are already an estimated 25 billion connected devices around the world, according to expert estimates. more
It is not often I go out to my driveway to pick up the Washington Post -- yes, I still enjoy reading a real physical paper, perhaps a sign of age -- and the headline is NOT about how the (insert DC sports team here) lost last night but is instead is about an IT technology. That technology is the Border Gateway Protocol (BGP), a major Internet protocol that has been around for more than a quarter century, before the Internet was commercialized and before most people even knew what the Internet was. more
If you are at all interested in how the Internet's Domain Name System (DNS) works, then one of the most rewarding meetings that is dedicated to this topic is the DNS OARC workshops. I attended the spring workshop in Amsterdam in early May, and the following are my impressions from the presentations and discussion. What makes these meetings unique in the context of DNS is the way it combines operations and research, bringing together researchers, builders and maintainers of DNS software systems, and operators of DNS infrastructure services into a single room and a broad and insightful conversation. more
"Is Your Internet Up-To-Date?" Does your existing Internet connection work with IPv6 and DNSSEC? Do your web sites support IPv6, DNSSEC and TLS? Is there a quick way to find out? Earlier this month a new site, Internet.nl, was launched to make this all easy for anyone to test. All you do is visit the site at en.internet.nl (also available in Dutch) and just follow the very easy links. more
In August of last year I wrote in a blog about the importance of cryptech to wide-scale trust in the Internet. For those who don't know about it, http://cryptech.is is a project aiming to design and deploy an openly developed, trustable Hardware Security Module (HSM) which can act both as a keystore (holding your secrets and keeping them private) and as a signing engine. more
Perceptions can be difficult to change. People see the world through the lens of their own experiences and desires, and new ideas can be difficult to assimilate. Such is the case with the registration ecosystem. Today's operational models exist because of decisions made over time, but the assumptions that were used to support those decisions can (and should) be continuously challenged to ensure that they are addressing today's realities. Are we ready to challenge assumptions? Can the operators of registration services do things differently? more
This Sunday, March 22, 2015, the second Registration Operations Workshop (ROW) will be taking place at the Fairmont Dallas hotel from 12:30 -- 4:30 pm CDT. Discussion will include extensions to EPP, new encryption initiatives and also suggestions for ways to further automate DNS interactions between registries, registrars and DNS operators, including a need to do this for DNSSEC. more
A World-Renowned Source for Internet Developments. Serving Since 2002.