[AfrICANN-discuss] Internet takes DNSSEC on board

Thu Jul 15 21:24:46 SAST 2010

 Internet takes DNSSEC on board
http://www.networkworld.com/news/2010/071510-internet-takes-dnssec-on.html?hpg1=bn

Root servers get assigned security standard
 By Maxwell Cooter, TechWorld
July 15, 2010 10:21 AM ET

The Internet is set to get a whole lot safer, the security standard DNSSEC
is set to be assigned to the Internet's 13 root servers from later today.

It makes the end of a long trail; DNSSEC has been some years in its
implementation yet has still failed to penetrate the wider
market<http://news.techworld.com/security/116607/companies-still-shy-away-from-dnssec/>,
despite the efforts of IETF, the Internet registries and the US government.
Re-Inventing Network Security: Download
now<http://www.accelacomm.com/jaw/nwwlib/7/51030950/&SOURCE=00008550001112NWW4U4PB3CGRK>

Naming registry ICANN has been working with Verisign and the US department
of commerce for some time to make DNSSEC a more integrated part of the
Internet infrastructure. ICANN's DNS director, Joe Abley, said that the
rollout of DNSSEC to the root servers had been a long one. "We Started
rolling it since January - it's a slow rollout,. We've taken 6 months to do
this - it's not like in enterprises where you trial something and go live
next week.

According to Daniel Karrenberg, chief scientist with European regional
Internet registry RIPE-NCC, the assignation of DNSSEC to the root servers is
going to take away a considerable burden from ISPs as it will eliminate a
big maintenance headache. "Once DNSEC is assigned to the root servers,
there's no longer any need for ISPs to do any configuration, they'll be able
to verify DNS right from the top," he said. With this technology, Internet
users will be able type a website address and be confident that the website
being displayed is coming from an authorised server. He warned that the
average users wouldn't notice much difference "There'll be no padlocks
suddenly appearing on browsers, or anything like that," he said but he added
that life should now be easier for service providers and T departments.

Both Abley and Karrenberg warned that it might not be plain sailing.
"Anytime you make a change to an established system, it's been well
understood - there's an instilled knowledge how this will work, "said Abley.
"With something new, you always get a risk - we're trying to manage that
risk"

The DNSSEC move doesn't mean that the Internet is automatically secure said
Kevin Hogan, director at Symantec Security Response. "It's a start and a
very big start. However, any expectation that this milestone marks the date
that the Internet suddenly becomes safe is exaggerated. To be effective,
DNSSEC needs to be implemented down the whole DNS chain, from the root down
to your ISP or company, so there are still many more milestones to be
achieved before DNSSEC can achieve some of its promise, even if cyber
criminals don't identify ways around the signed response safeguard," he
said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20100715/f9e8f423/attachment.htm