Home / Blogs

Dan Kaminsky Releases Phreebird for Easy DNSSEC

Today marks another key step in DNSSEC deployment. Congrats to Dan Kaminsky, chief scientist at Doxpara and one of our partners on the Practice Safe DNS campaign, on the release of his new code Phreebird.

Announced today at Black Hat Abu Dhabi, Phreebird Suite 1.0 is a free, easy-to-use toolkit that lets organizations “test-drive” DNSSEC deployment. According to Kaminsky, “Put simply, X.509 based PKI fails due to a series of problems DNSSEC simply does not have. If we can find a way to use DNSSEC to address the problem of bootstrapping trust [otherwise known as authentication] across organizational boundaries, we can start fulfilling promises made before the turn of the century.” In other words, the toolkit will enable organizations, business, vendors, and individual users to authenticate one another by automatically generating keys and providing real-time signing in roughly 30 seconds. As Kaminsky says, “When my mom receives an email from the bank, she should know it’s from the bank.”

As the first gTLD to go into full production with DNSSEC, we at .ORG have been anticipating this news since Kaminsky first demoed Phreebird at Black Hat in July. It took all of two minutes to sign a .ORG site end-to-end, dispelling the notion that DNSSEC deployment is a complex and costly process. Just two minutes. Thanks to the countless folks who have been working tirelessly on DNSSEC for many years and bringing us to the point where DNSSEC is today. Imagine the possibilities if all .ORG users—and .GOV, .NET. and .EDU users for that matter—took just 120 seconds from their day and installed the Phreebird toolkit. Then DNSSEC could rightly claim its place as the new widespread standard for Internet security.

By Lauren Price, Sr. Product Marketing Manager, .ORG, The Public Interest Registry

Lauren Price also contributes to the .Org weblog located here.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API


Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign

New TLDs

Sponsored byRadix