Experts to Feds: Sign the DNS root ASAP

US government urged to deploy DNS security measures, but through ICANN not VeriSign

Internet security gurus and leading vendors are urging the US federal government to rapidly deploy security and authentication mechanisms at the top level of the DNS hierarchy, which is known as the root zone.

In recent weeks, the National Telecommunications and Information Administration (NTIA) has received 30-plus comments in favor of securing DNS root zone data.

These comments are from the Internet Architecture Board (IAB) and the Internet Society as well as ISPs and domain name operators such as PayPal, Akamai Technologies, NeuStar, Comcast and Afilias.

The "rapid adoption of DNSSEC and signing of the root zone is an urgent requirement," wrote Michael Barrett, CISO with PayPal. "We applaud NTIA for initiating this inquiry, and urge it to move with all possible speed to implement DNSSEC [DNS Security Extensions]. Inaction or further delay would be detrimental to the interest of consumers and other Internet users and to the healthy growth of electronic commerce."

"Comcast is strongly in favor of the global adoption of DNSSEC, starting with the signing of the root," said a letter from Kathryn Zachem, vice president of regulatory and state legislative affairs, and Jason Livingood, executive director of Internet systems engineering with Comcast. "Until the root is signed, signatures for a top-level domain such as .net or .com, and signatures in domains like Comcast.net are of limited utility."

While the majority of the comments received by NTIA recommend deploying DNSSEC across the root zone, many of them prefer that this is done by the nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) rather than a for-profit corporation such as VeriSign, which operates root servers A and J.

The Asia-Pacific Network Information Centre, a regional Internet registry, said it supports "ICANN's proposals to sign the root zone using the DNSSEC framework in a timely manner."

IAB Chair Olaf Kolkman similarly proposed that details about DNSSEC implementation on the root zone "should be decided upon within the context of the multi-stakeholder process, as currently embodied in ICANN. This would ensure involvement of all stakeholders through well established mechanisms."

The NTIA also received letters discouraging DNSSEC deployment from two lesser-known organizations -- PublicRoot Consortium and AV8 Internet -- as well as a few crackpot comments that are typical of any open Internet-based process.

Join the PC World newsletter!

Error: Please check your email address.

Tags DNS

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Carolyn Duffy Marsan

Network World

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?