Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Networking Security The Internet Technology

DNSSEC Comes To .Net Zone Today 62

Posted by kdawson from the if-it-were-easy-we'd-be-done-already dept.
wiredmikey sends news that as of today VeriSign has enabled DNSSEC on the .net zone. This is one milestone in a years-long process of securing the DNS against cache poisoning and other attacks. Next step will be for VeriSign to sign the .com root early next year."Having DNSSEC enabled for .net domains... [is] important as it represents one of the most critical implementations of DNSSEC technology, since .net serves as the underpinning for many critical Internet functions. The largest zone to be DNSSEC enabled to date, .net currently has more than 13 million... domain name registrations worldwide."
This discussion has been archived. No new comments can be posted.

DNSSEC Comes To .Net Zone Today More

DNSSEC Comes To .Net Zone Today

Comments Filter:

  • Re:More security in what way? (Score:5, Insightful)

    by Anonymous Coward on Friday December 10, 2010 @10:53AM (#34513992)

    The USA is your boogieman.

    but hey, it's popular to hate them, lets go for it! They are magically worse than everyone else (many of whom do exactly the same, some are better, some are worse) because they have power and you aren't with them.

    Grow up. They'll drop down a few pegs in the next 10-20 years, and the EU, China or both will become a more formidable power. Don't worry. I hope you are in one and can enjoy the other side of the idiocy you are propagating.

  • I was thinking more or less the same thing.

    The point is that a good domain name system implementation needs to be secure against protocol attacks. DNSSEC secures it against hackers, but makes it more vulnerable to political attacks. Because DNS was designed to be centralized.

    The problem with currently emerging alternatives is that they're designed to be decentralized, making them vulnerable to protocol attacks. However, a good p2p implementation would use an underlying hierarchy based on the anonymity of the name authorities, and they would be able to establish further authority points. But that protocol isn't even invented yet as far as I recall, and it would require a hell lot of thought and encryption.

    In any case, more cryptographic security is better, not worse. If you want someone to blame, it's the inventors of DNS for establishing a US-based name authority. Oh wait, the Internet was invented in the US, by none other than the DARPA. Go figure.

Slashdot Top Deals

"Engineering without management is art." -- Jeff Johnson

Close