Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Consultants Warn About PROTECT-IP Act

Posted by samzenpus on from the danger-danger-danger dept.

epee1221 writes "Several security professionals released a paper raising objections to the DNS filtering(PDF) mandated by the proposed PROTECT-IP Act. The measure allows courts to require Internet service providers to redirect or block queries for a domain deemed to be infringing on IP laws. ISPs will not be able to improve DNS security using DNSSEC, a system for cryptographically signing DNS records to ensure their authenticity, as the sort of manipulation mandated by PROTECT-IP is the type of interference DNSSEC is meant to prevent. The paper notes that a DNS server which has been compromised by a cracker would be indistinguishable from one operating under a court order to alter its DNS responses. The measure also points to a possible fragmenting of the DNS system, effectively making domain names non-universal, and the DNS manipulation may lead to collateral damage (i.e. filtering an infringing domain may block access to non-infringing content). It is also pointed out that DNS filtering does not actually keep determined users from accessing content, as they can still access non-filtered DNS servers or directly enter the blocked site's IP address if it is known. A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to 'decay into a lawless Wild West.' Paul Vixie, a coauthor of the paper, elaborates in his blog."

1 of 298 comments (clear)

  1. Wrong, there are laws, and this breaks one of them by SuperKendall · · Score: 5, Interesting

    When was the Internet anything other than a "lawless wild west"?

    The internet is the wild west, but it is far from lawless... it just so happens that there are very few laws.

    One of those laws is the trustworthiness of DNS. The proposal at hand is actually one that makes the internet MORE lawless, not less, as DNS falls utterly as the (relatively) trustworthy backbone of the internet it has been until today.

    Who would knowingly point to a DNS server that might mislead them after this is passed? I sure wouldn't.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley