Why Dan Kaminsky went from neutral to pro DNSSEC
I had the opportunity this past week to meet Dan Kaminsky, Internet Security Researcher with IOActive. Yes, “THE DAN KAMINSKY” who discovered that little bug in the Domain Name System (DNS).
Well, “little” is an understatement. An energetic Dan Kaminsky started his presentation by informing the room full of registrars and registries that they are essential players in the initiative to fix DNS. Dan also reminded us that DNS is the only successfully federated database on the Internet today. I could tell these statements were really resonating with the folks in the room. Why? Because the people in the room eat, live and breathe DNS.
Dan went through an extremely informative and down-to-earth presentation on DNS, security, DNSSEC and the role that the registrars and registries must play in order to make a secure DNS. I am hoping that Dan will make this presentation available on his blog “Doxpara” for people to reference as they evaluate their DNSSEC strategy. In the meantime, I jotted down some key takeaways from Dan’s talk.
- DNSSEC isn’t just about “man in the middle” attacks. It’s actually about all of the applications that rely on DNS to work. For example, why in the year 2008 is email not secure?
- DNSSEC isn’t going to solve everything but it’s a starting point…a very important starting point that allows us to start evaluating how to secure the many applications that are intertwined with DNS.
- And here is the big one. DNSSEC is a new tool for Internet security. So new that we do not know yet how developers will leverage a secure DNS for new applications, but rest assured, they will...
Afterwards, I was excited to chat and have some fun with pictures with Dan during dinner, where he stated: "I am now no longer neutral on DNSSEC...the question is not why DNS is broken, it's why everything else is. DNSSEC is likely the answer."