Slashdot Mirror

← Back to Stories (view on slashdot.org)

Government Begins Securing Root Zone File

Posted by kdawson on from the not-before-time dept.

Death Metal notes a Wired piece on the US government beginning the process of securing the root zone file. This is in service of implementing DNSSEC, without which the DNS security hole found by Dan Kaminsky can't be definitively closed. On Thursday morning, a comment period will open on the various proposals on who should hold the keys and sign the root — ICANN, Verisign, or the US government's NTIA.

4 of 198 comments (clear)

  1. None of the above by jeffasselin · · Score: 5, Insightful

    Anyone really thinks any of those organizations should be trusted with this? How about some UN organization instead?

    --
    If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
  2. Who to control... by TheSpoom · · Score: 5, Insightful

    Verisign

    Pros:

    • Quite a bit of money, stability likely wouldn't be a problem

    Cons:

    • Puts a private company in control of a very, very important part of the internet
    • Has previously fucked with DNS, would likely do so again if considered a wise business decision

    US Government

    Pros:

    • Wouldn't dare let it go down since business in their country is very dependent upon it
    • Puts elected officials in charge of a very important part of the internet

    Cons:

    • Nationalizes an important part of an international network
    • Puts elected officials in charge of a very important part of the internet

    ICANN

    Pros:

    • Has been doing this a long time
    • Is a non-profit company so isn't driven by the same business needs as, say, Verisign

    Cons:

    • Still somewhat national

    I'm definitely of the opinion that ICANN should be running it. That said, I don't know everything about the matter, so perhaps there's something that would change my mind. I figure, though, that if it's not broken, don't fix it.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  3. I believe DNSSEC is unnecessory... by nweaver · · Score: 5, Informative

    I believe DNSSEC is unnecessary to counter the Kaminski attack.

    See draft-weaver-dnsext-comprehensive-resolver-00 for how I believe you can secure resolvers against attacks less powerful than MitM, including Kaminski (race-until-win) attacks.

    --
    Test your net with Netalyzr
  4. Re:Those who do not understand DNS by PinkyDead · · Score: 5, Funny

    One key for Google flying oh so high,
    One for Apple for without it fans would moan,
    One for IBM what are based in Armonk, NY,
    One for the Dark Lord on his dark throne
    In the Land of Redmond where the Shadows lie.
    One Key to rule them all, One Key to find them,
    One Key to bring them all and in the darkness bind them
    In the Land of Redmond where the Shadows lie.

    --
    Genesis 1:32 And God typed :wq!