Working Around Slow US Gov. On DNS Security

alphadogg writes "Last fall, the US government sought comments from industry about how better to secure the Internet by deploying DNSSEC on the root zone. But it hasn't taken action since then. Internet policy experts anticipate further delays because the Obama Administration hasn't appointed a Secretary of Commerce yet, the position that oversees Internet addressing issues. Meanwhile, the Internet engineering community is forging ahead with a stopgap to allow DNSSEC deployment without the DNS root zone being signed. Known as a Trust Anchor Repository, the alternative was announced by ICANN last week and has been in testing since October."

Use DNSCurve

[dermoth666]

DNSSEC rely on having a central "trusted" authority to sign all the dns keys. Not even speaking about the inherent security issues with this model, that means that everyone will depend on a single authority for name resolutions (sure Network Solutions loves this)

DNSCurve is a much better solution in that it offers a trust system without the need of a central authority. The key is embedded in the DNS name server (NS) hostnames which are always returned by the upper level name server.

See http://dnscurve.org/index.html

More on this, at 11

[dmneoblade]

In other news, the Internet is seeing the government as damage and routing around it.