Slashdot Mirror

← Back to Stories (view on slashdot.org)

Government Begins Securing Root Zone File

Posted by kdawson on Friday October 10, 2008 @02:12AM from the not-before-time dept.

Death Metal notes a Wired piece on the US government beginning the process of securing the root zone file. This is in service of implementing DNSSEC, without which the DNS security hole found by Dan Kaminsky can't be definitively closed. On Thursday morning, a comment period will open on the various proposals on who should hold the keys and sign the root — ICANN, Verisign, or the US government's NTIA.

1 of 198 comments (clear)

Min score:

Reason:

Sort:

I believe DNSSEC is unnecessory... by nweaver · 2008-10-10 02:30 · Score: 5, Informative

I believe DNSSEC is unnecessary to counter the Kaminski attack.
See draft-weaver-dnsext-comprehensive-resolver-00 for how I believe you can secure resolvers against attacks less powerful than MitM, including Kaminski (race-until-win) attacks.

--
Test your net with Netalyzr