Archive for September, 2010

DNSSEC – a cornerstone for Internet security

Saturday, September 11th, 2010

Ok, after speaking with a few of the people that did the real technical and political work behind the scenes to get DNSSEC deployed…the root is signed; it has buy-in and regular participation from DNS experts around the world; the publisher – VeriSign has sold off its SSL business avoiding conflicts of interest and “security monoculture” problems; and engineers have recognized DNSSEC’s potential as a global authentication source and “a cornerstone for Internet security”.  Its not perfect as pointed out by others, but it is a big step.  “Continued collaboration” with registrars will be needed to secure the rest.

dnssec root might be good enough with US guarantee

Saturday, September 11th, 2010

Even though the NTIA mandated split KSK/ZSK managment (http://www.ntia.doc.gov/DNS/DNSSEC_Requirements_102909.pdf) remains a weak link in the chain of trust, since the US government has fought hard for this and staked their reputation on it, I assume they will do the right thing.