February 6, 2008

DNSSEC: Still Just Out of Reach?

Over on Enterprise Networking Planet, Charlie decided to revisit DNSSEC. He first tackled the subject almost three years ago. His nutshell then:

"DNSSEC is really a great idea. There are even a few DNS servers that have implemented it. Unfortunately, it relies on a public/private key system, and that type of system typically doesn't scale Internet-wide. ISC's Bind also supports transaction signatures, which needs key pairs as well. It would be great to see DNSSEC usable on the entire Internet, but there will likely be many different security options for DNS implemented before a keeper is found."

That earned him some heat from readers. But here we are three years later, and as he pointed out to me when we talked about running a follow-up column, nobody seems to be getting around to the 'net-wide deployment it would take to work as something besides an internal safety:

"Everybody, by now, certainly believes that DNS is critical. The solution unfortunately has not been found. In this basic endeavor to expand trust relationships throughout the whole Internet, we all understand that ultimately a single source needs to be the authority. With SSL there's multiple sources, but their CA keys get manually distributed by Web browser makers.

"Site administrators wishing to dabble in DNSSEC can certainly implement it for their own personal zones. The benefit is pretty minimal, but you can be certain that the integrity of your internal DNS is safe and sound. The other major problem with DNSSEC is that implementing part of it, for most people, just isn't useful. It's an all-or-nothing proposition, and without signed parent zones, the only option is nothing.

"The question is, assuming we want to proceed with DNSSEC: Who will hold the key to the Internet?

"See the problem?"

I wonder if any of the people who wrote and complained last time will be back again telling us it's going to happen "any day now?"

Posted by mhall at 8:04 PM