Home / Blogs

DNSSEC Taking Center Stage at 2010 Black Hat

On July 28th DNSSEC took center stage at the 2010 Black Hat Conference in Las Vegas. Two years ago, at the same conference, Dan Kaminsky unveiled the infamous DNS bug that many believe became a major catalyst for DNSSEC implementation. To kick things off, Jeff Moss—founder of Black Hat—in his opening speech called out the fact that “we have not solved any fundamental problems” and noted that the technical community must catch up. Providing countless band-aids for major issues is not acceptable when working towards a safe and secure internet for all. Roughly four hours later Rod Beckstrom declared to a packed room of reporters that “DNSSEC is the biggest structural improvement in the Internet in 20 years, specifically, since the introduction of the world wide web.” Clearly, DNSSEC is not a band-aid fix.

Now that the root is in production with DNSSEC, Kaminsky sees new and exciting possibilities in the areas of online security, beyond addressing man in the middle attacks. He believes full scale adoption could thwart a variety of threats. “We’ve been looking at how DNSSEC is going to address not only DNS vulnerabilities, but some of the core vulnerabilities we have in security,” Kaminsky said during a Black Hat interview. “We’re not going to solve all of those problems with DNSSEC, but there’s an entire class of authentication vulnerabilities that DNSSEC does address.” One example he cited was secured emails. Basically, Dan Kaminsky wants to know that an email from his bank actually came from his bank. The Internet may be 25 years old, but DNSSEC is only been in full production at the root for mere weeks, so the possibilities are endless.

Later that day, Dan Kaminsky gave a talk on the Black Ops of Fundamental Defense, where he dispelled the notion that deploying DNSSEC is difficult, costly, and time-consuming, by signing a .ORG site end-to-end with DNSSEC in less than two minutes. DNSSEC, as we know it today, took eighteen years to make it into production. It may not be perfect, and certainly a lot harder to develop and implement than the two minutes it took for Kaminsky to deploy it, but for one day it was the toast of the town, and a much deserved one at that—especially for the folks at IETF who worked on it since day one. Cheers!

By Lauren Price, Sr. Product Marketing Manager, .ORG, The Public Interest Registry

Lauren Price also contributes to the .Org weblog located here.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC