DNSSEC and Online Security at RSA 2009

On Wednesday of last week, I had the opportunity to moderate a panel on Domain Name Security Extensions (“DNSSEC”) for the Anti-Phishing Working Group (APWG) hosted by the RSA Conference in San Francisco, CA. This event included distinguished panelists and experts on DNSSEC including Joe Gersch (Secure 64), Paul Vixie (Internet Systems Consortium, Inc.), Steven Crocker (Shinkuro Inc.), and Ram Mohan (Afilias Limited). The event was attended by over 20 live and telephonic guests and it included a lively discussion about issues surrounding DNSSEC implementation within the industry. The panelists stressed that DNSSEC is a comprehensive upgrade to the Domain Name System (“DNS”) infrastructure intended to thwart cyber attacks.

The panelists stressed the importance of signing the root zone and quickly implementing DNSSEC.  Joe Gersch and Ram Mohan emphasized the variety of solutions available to help implement DNSSEC and each panelist challenged many of the myths that suggest DNSSEC is difficult to implement or somehow harmful to the speed of DNS operations. To the contrary, all of the panelists emphasized the importance and relative ease of DNSSEC implementation. Steve Crocker noted the increasing number of registries, both ccTLD and gTLD, that have implemented or are actively pursuing DNSSEC implementation. Everyone agreed that this is an important security measure that is both overdue and necessary to protect both the DNS and ultimately the end users. The adoption of DNSSEC by an increasing number of registries indicates the awareness of this need and recognition of the importance of DNSSEC.

The panel concluded by mentioning the DNSSEC Industry Coalition led by .ORG, The Public Interest Registry that includes major industry members gathering to address DNSSEC implementation concerns.