U.S. Government Mandates DNSSEC
In response to claims of “foot-dragging” with regard to DNS security, the United States government has ordered the administrators of all .gov domains to implement DNSSEC before January 2009.
DNSSEC is a somewhat controversial set of extensions to the DNS protocol designed to provide protection from forged data. Although it was first proposed in 1995, DNSSEC has not been widely adopted, and as of a few weeks ago only 99 .com domains were using it (here’s a map of worldwide deployments). Of the many concerns preventing deployment, the two most controversial have been “zone enumeration” and the issue of who controls the master keys.
The matter of key ownership was raised again last year when the U.S. Department of Homeland Security announced that it wanted to manage the root keys. Operators of many other top-level domains took issue with this and proposed that ICANN/IANA be tasked with root key management.
Update: A PDF of the mandate is available from the White House website.
Posted by corywright on August 27th, 2008 under Root Servers, Security.