.ORG talks with Dan Kaminsky on DNSSEC
We’re kicking off a series of interviews with luminaries in the Internet, security, non-profit, and social networking spaces over the next several months. This month, we spoke to Dan Kaminsky, a preeminent security researcher known for discovering a fundamental flaw in the DNS system that translates website URLs to Internet routing numbers and enabling website impersonations and attacks.
Since discovering the vulnerability in April of 2008, Dan has been at the forefront of collaborative efforts to address this issue. We spoke with Dan this month to discuss his thoughts on DNSSEC and how it is a critical step toward bolstering Internet security. You can learn more at his blog, Doxpara.com.
The problem, he said, largely stems from the fact that the Internet is more malleable than we’d like to admit…We need a universal identity system for the web, a universal place for people to put trusted information…” DNSSEC itself, which Dan referred to as a “technical issue that affect(s) the stability of the Internet,” is a link in a much longer chain of processes, ending with the signing of the root, that will lead to enhanced security within Internet domains. As Dan mentioned in his comments supporting the implementation of DNSSEC, “Now, we’re using the Internet to run our businesses. It should be the case that this bug doesn’t matter; it should be the case that everyone has securely encrypted email and SSL certificates. Those are things that “should be,” but it’s not the way things really are…”
To this end, .ORG has been taking the first steps to create a more secured Internet for the .ORG community in order for them to pursue their business goals and impact the greater good without possible threats. Dan agrees, however, that the signing of the root is the essential next step in order to make DNSSEC a full reality. “There are established business relationships up and down the registrar/registry network…we need to leverage those relationships…once the root is signed and the top level domains are signed.”
.ORG is the first gTLD to begin what Dan referred to as “the journey of a thousand miles,” the process of implementing DNSSEC, and in so doing is working to move toward increased Internet security.
A recent article in Internet News that ran on September 26, 2008 by Sean Kerner entitled “.ORG – The Most Secure Domain? With a new effort for DNSSEC underway, security is front and center at the Public Interest Registry”, continues the dialogue and notes .ORG’s iterative approach to the implementation of DNSSEC that includes the setting of key goals throughout the process based on a beta test phase called “Friends & Family”.
Have you thought about how DNSSEC relates to you? Help us understand your needs to address this security vulnerability.