16 Feb 2011
A panel of security experts has given an early thumbs-up to the DNSSec
security protocol.
Icann chief executive Rod Beckstrom, cryptography pioneer Whitfield Diffie
and security researcher Dan Kaminsky were among those who spoke on the progress
of the security standard at the 2011 RSA Conference in San Francisco.
"What has been happening so far with this rather rapid propagation… I think
this may well continue and may make a genuine difference in overall security,"
said Diffie.
Designed to prevent "cache poisoning" security attacks, the DNSSec system is
designed to provide a secure method for exchanging and verifying DNS traffic.
Rollout for the platform began last year when DNSSec was put in place
for
the .org and later
the
.net domains, with plains to extend into the .com space
Kaminsky, whose research into DNS vulnerabilities
made
headlines in 2008, admitted that while he didn't think he would ever be on a
panel extolling its virtues, he now had to concede that DNSSec had shown great
promise thus far.
"We have a lot of things to fix, and I don't think I have seen in my entire
career a budding technology that has the potential to fix as many things as
DNSSec," said Kaminsky.
The panel warned that challenges could lie ahead for the system. Nominum
chief scientist and DNS inventor Paul Mockapetris warned companies to adopt
DNSSec early and plan in advance to deal with the system's inevitable growing
pains.
"You need to make sure that your DNS software is updated," Mockapetris
cautioned.
"You have to make sure that you keep up with it because there are going to be
some bumps in the road along the way."
No comments:
Post a Comment