BNET UK
silicon.com
ZDNet UK

Home
News
Blogs
Reviews
Videos
Jobs
Resources
Community

Leader
Comment
White Papers
Downloads
Special Reports

Hardware
Software
Communications
Internet
Security
IT Management
Emerging Tech
Leader

Group Blogs
News Blog
Post Room
Rupert's Diary

Hardware Reviews
Software Reviews
Editors' Choice
Buyer's Guides
Tech Guides
Competitions

Dialogue Box
Security threats
Server platforms
Mobile devices
Application development
Full video index

Articles
White Papers
Downloads
Companies
Broadband Speed Test

People
Competitions
Post Room
FAQ

You are here: ZDNet UK > News > Security

Security management Toolkit

Crypto project to lock down net security

Tags:
ICANN,
DNS SEC,
Root

Tom Espiner ZDNet.co.uk

Published: 05 Jun 2009 16:03 BST

VeriSign will administer encryption for the internet's Domain Name System, according to the organisation that oversees the fundamental internet address system.

Icann said on Wednesday that VeriSign will sign the Domain Name System Security Extensions (DNSSEC) at the root zone of the internet. The announcement suggests a resolution to a longstanding political argument about who would have responsibility for such encryption.

The US Department of Commerce's National Telecommunications and Information Administration and National Institute of Standards and Technology are working with Icann and VeriSign on the initiative.

In an interim arrangement between the participating organisations, VeriSign will manage and have operational responsibility for the zone signing key, while Icann will manage the key-signing-key process. Icann said it will work closely with VeriSign regarding the operational and cryptographic issues involved.

"This is very important for the global community of internet users. We will work closely with all participants on this crucial security initiative," Paul Twomey, president and chief executive of Icann, said in a statement.

The Domain Name System (DNS), the addressing system used to route information packets on the internet, has long been known to have numerous critical vulnerabilities. Due to the open nature of DNS architecture, DNS cache poisoning, which allows an attacker to falsely redirect a user, has been a recurrent problem since at least 2005. In 2008, security researcher Dan Kaminsky outlined a fundamental DNS flaw which forced multiple vendors to scramble to produce a patch.

The use of DNSSEC, an encrypted protocol, would mitigate many DNS flaws, but has so far been unworkable due to political tensions between DNS-using organisations, who have been unable to agree who would sign the root. This was recognised by the DNSSEC Deployment Working Group in 2005.

"Unfortunately, there are political issues," the working group said at the time. "The root is just another trust anchor but it is a 'special' one."

At the time of writing, Icann had not commented as to how these political issues had been resolved. However, Icann said in a statement that it "recognises the urgency surrounding the issue of electronically signing the internet's 'root zone'".

Did you find this article useful?

Share this article:
Digg
Slashdot
Del.ici.ous
Stumble
Reddit

Company/Topic Alerts

Create a new alert from the list below:

VeriSign
DNS SEC

Root
ICANN

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video

Install Flash Player plugin

Find out more: Microsoft exec outlines...

All videos
Most popular videos
Latest videos

Featured Talkback

In association with Network Liberation Movement

It seems to me this is a burden being placed on the wrong shoulders. There is not an It system in the world that can stop an individual taking information in their heads and spewing out at the nearest undesirable third party.