Archive for August, 2008

DNSSEC steps 1 and 2 – not out of the woods yet

Saturday, August 23rd, 2008

Hey, this is a great first step, and OMB mandating DNSSEC for itself is another.  So it's down to ICANN or Verisign signing the root.  That's a tough call; both have drawbacks, but at least with ICANN there is public oversight.  If NTIA just forces the world to choose Verisign (like it is trying to do with WHOIS decisions), there would be no international oversight, and the “US signed” root likely becomes an island while alternate roots pop up around the world. Unfortunately, with the connections NTIA has with Verisign, it will probably be Washington business as usual.  Got to keep the light shined on NTIA and keep the process moving.

US Department of Commerce is keeping us from protecting ourselves

Wednesday, August 6th, 2008

According to the experts, “DNSSEC is the only full solution” to the recent exposure by Dan Kaminsky of a major security flaw in the Internet. However, guess who is blocking a major part of this deployment from happening? Yep – one small non-technical department in the US government that, frighteningly, advises the White House on technical matters – NTIA. Oddly enough, most of the other US government agencies have long seen the value of DNSSEC – so much so that its deployment is about to be mandated across all agencies. Someone ought to tell NTIA 😉 All NTIA has to do is remove itself from the technical micro-managing of the Internet and let IANA throw the switch to deploy DNSSEC on the root as it is ready to do. It should keep out of technical areas where it has no expertise and let other agencies that do, such as NIST, DHS, NSA and others (who I hear have agreed with the DNSSEC mandate and don’t even want to hold any special “keys”), offer their technical expertise and cooperation. The Internet is too important to be held hostage to silly internal politics. The White House must realize that if NTIA becomes an obstacle to the security of the Internet, any perceived benefit from US oversight will be lost, and the hostage will just walk away and have the root zone signed and managed elsewhere.