The DNSSEC Groundswell
It’s been 15 long years since the standard for DNSSEC was developed and sadly adoption has been painfully low until recently, thanks to Dan Kaminsky, the infamous Internet Researcher who indentified that gaping hole in the DNS. The discovery of the fundamental flaw in DNS sparked industry wide attention! Every day, we move a little closer to widespread DNSSEC adoption, so I thought I’d take a moment and highlight some of the most notable milestones.
The Registry operator for .COM and .NET announced this week that they will adopt the DNSSEC standard by 2011. VeriSign’s commitment is well received as .COM and .NET represents such a large number of domain names on the Internet.
The ITAR is here! The ITAR is here! This is the next best news in the world of DNSSEC aside from the root being signed. Ah Hemm!
The U.S. Federal Government Mandate
The federal government mandated that .GOV implement DNSSEC by January of 2009 and all Agency .GOV domains DNSSEC signed by December 2009.
Online Payment Giant, PayPal publically supports DNSSEC in a letter to The National Telecommunications and Information Administration (NTIA).
Power in Numbers
“The whole is more than the sum of its parts.” Aristotle, Metaphysica
I am fortunate enough to be leading the DNSSEC Industry Coalition. I have been extremely pleased with the eagerness, collaboration and output that this group has put forth in the DNSSEC initiative. It has been tremendous to see these organizations pull together to work towards and safer and more secure Internet.
In October of last year, Comcast made available a DNSSEC resolver for the Internet community to test against. They are also documenting best practices and case studies as they perform testing, evaluate how to deploy DNSSEC resolvers widely and how to sign their own zones. Comcast is being so gracious as to share their experiences with the Internet community. This is yet another example of industry wide collaboration in moving towards robust Internet security.
Historically, DNSSEC lacked Registrar support and attention and this was a difficult challenge to overcome for those working towards DNSSEC adoption. I am now pleased to report that Registrars are coming around. Some are tackling DNSSEC with full force, others are itching to “play around and test DNSSEC” and the remaining registrars are at least watching and listening what is going on in the world of DNSSEC because they know industry wide deployment is inevitable. The DNSSEC Industry Coalition realizes that Registrars are very critical to the deployment of DNSSEC. We invite Registrars to join our Review Team to evaluate the work of the coalition and to provide the coalition with valuable information from a registrar's unique perspective.
.ORG is pleased to be the first generic Top Level Domain to implement DNSSEC to bolster Internet security and stability. We are working diligently towards signing .ORG in early 2009.
Stay tuned as I continue to track industry wide DNSSEC milestones.