At the front lines of protecting the Internet
03 September, 2008 08:35
InfoWorld interviewed VeriSign CTO Ken Silva on the company's current and past challenges. Silva manages VeriSign's technical operations, which handle much of the world's DNS traffic and cryptographically protect millions of Web sites. Before joining VeriSign, Silva spent 10 years with the National Security Agency (NSA). Roger asked about VeriSign's current status and future plans. Here are some excerpts from that interview:
In the first part of this decade, the global DNS infrastructure came under a few big denial-of-service attacks that caused service disruptions, but in the last few years, we haven't seen any significant service outages. How well have we done in making DNS resistant to DoS attacks?
VeriSign services have never completely been taken out from a DoS attack because of our distributed nature. We do get DDoS [distributed DoS] attacks, and they are getting bigger, and bigger, and bigger, but they haven't affected us that greatly. In February 2006, we launched our Project Titan initiative, in response to our growing legitimate services and to handle DDoS attacks in the multiple tens of gigabytes. Our goal was to fortify the infrastructure to over 10 times the predicted infrastructure needed. Project Titan will increase bandwidth 10,000 times the 2000 levels by 2010. It's already at 1,000 times the size today [as compared to the 2000 levels], and will be another 10 times today's level in the next two years. It will be able to handle 4 trillion queries a day.
Why are DNSSec and any of the other "advanced" DNS security proposals slow to gain more widespread acceptance?
These are complicated technologies, and you have to agree to get the entire world to agree on the standard, what makes up the standard, and do it at the same time. That alone makes it difficult.