DNSSEC Implementation Held Up By Tech Delays

Posted by timothy on Monday November 16, 2009 @07:40AM from the not-just-those-dogs-in-the-hallway dept.

Jack Spine writes "VeriSign has said that the main obstacle to DNSSEC implementation has been technical delays. The large size of the .com and .net domains would have made it impractical to deploy earlier versions of DNSSEC, according to VeriSign vice president of naming services Pat Kane. Deployment of DNSSEC will close a major security flaw in the DNS, the internet's equivalent to a telephone directory. The problem of DNS cache poisoning was thrown into sharp relief by researcher Dan Kaminsky last year."

1 of 57 comments (clear)

Min score:

Reason:

Sort:

Re:Can someone explain ZSK and KSK? by nine-times · 2009-11-16 08:40 · Score: 0, Offtopic

I'm going to put IANAE in all of my posts here, since I don't really know what I'm talking about in any depth. However, my guess would be that DNS records, being small by themselves, are dramatically increased in size by adding encryption keys and signatures.