U.S. Government Mandates DNSSEC
In response to claims of “foot-dragging” with regards to DNS security, the United States government has ordered the administrators of all .gov domains to implement DNSSEC before January 2009.
DNSSEC is a somewhat controversial set of extensions to the DNS protocol designed to provide protection from forged data. Although it was first proposed in 1995, DNSSEC has not been widely adopted and as of a few weeks ago only 99 .com domains were using it (here’s a map of worldwide deployments). Of the many concerns preventing deployment, the two most controversial have been “zone enumeration” and the issue of who controls the master keys.
The matter of key ownership was raised again last year when the U.S. Department of Homeland Security announced that it wanted to manage the root keys. Operators of many other top level domains took issue with this, and proposed that ICANN/IANA be tasked with root key management.
Update: A PDF of the mandate is available from the Whitehouse website.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
Posted by corywright on August 27th, 2008 under Root Servers, Security.
Comments: 2
Comments
Comment from web design company
Time: August 27, 2008, 4:06 pm
Homeland inSecurity manage root keys? FUCK NO.
Comment from wannabe
Time: August 27, 2008, 7:07 pm
this is just one of those things thats mandated but never actually gets implemented.
I work for a budget hosting company and there are tons of .gov domains out there, managed by people who can barley use email. So good luck trying to get that sort of person up to speed on this dns stuff when they were barley able to get front page to publish to our servers
Write a comment