Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNSSEC Implementation Held Up By Tech Delays

Posted by timothy on Monday November 16, 2009 @07:40AM from the not-just-those-dogs-in-the-hallway dept.

Jack Spine writes "VeriSign has said that the main obstacle to DNSSEC implementation has been technical delays. The large size of the .com and .net domains would have made it impractical to deploy earlier versions of DNSSEC, according to VeriSign vice president of naming services Pat Kane. Deployment of DNSSEC will close a major security flaw in the DNS, the internet's equivalent to a telephone directory. The problem of DNS cache poisoning was thrown into sharp relief by researcher Dan Kaminsky last year."

4 of 57 comments (clear)

Min score:

Reason:

Sort:

Can someone explain ZSK and KSK? by rsborg · 2009-11-16 07:50 · Score: 3, Insightful

Kane said that VeriSign will create and manage the zone-signing key (ZSK) for the root zone, and sign the root zone, for .net and .com. Icann will create, manage and publish the root zone key-signing key (KSK).
This is over my head, as the terminology seems repetitive (ZSK for root zone vs. root zone for KSK ?!?!)... can anyone explain the details to a DNSSEC initiate (A quick google search didn't yield any easily understandable content).

--
Make sure everyone's vote counts: Verified Voting
Technical delays, Yeah Right. by lbalbalba · 2009-11-16 07:56 · Score: 2, Insightful

Unable or unwilling admins is more like it.
1. Re:Technical delays, Yeah Right. by Anonymous Coward · 2009-11-16 08:21 · Score: 3, Insightful
  
  Yeah, Verisign, the largest certificate authority, is the organization responsible for implementing the feature of DNS that basically makes certificate authorities less necessary? I'm sure they're all over trying to get this done quickly.
Re:uh by lbalbalba · 2009-11-16 08:06 · Score: 2, Insightful

Well, actually, I kinda sorta like it when the article summary's actually summarize the core concepts that there talking about.