Archive for February, 2009

“U.S. government urged to deploy DNS security measures, but through ICANN not VeriSign”

Thursday, February 26th, 2009

Experts to Feds: Sign the DNS root ASAP U.S. government urged to deploy DNS security measures, but through ICANN not VeriSignBy Carolyn Duffy Marsan , Network World , 11/25/2008

http://www.networkworld.com/news/2008/112508-dns-root.html

 

DNSSEC, free SSL certs, diversity in security, conflicts of interest

Friday, February 13th, 2009

emt is right.  With a 1) NOI 20-0 vote in favor of ICANN’s approach to sign the root and 2) Dan Kaminsky publicly pointing out that DNSSEC will give the Internet alternate chains of trust to hang SSL certs and other security services off of – making SSL certs free – it becomes clear that for conflict of interest and security diversity reasons the root should NOT be signed or managed by VeriSign whose primary business IS SSL certs.  I understand ICANN is ready to sign the root now – let them.