Crypto project to lock down net security

Summary:VeriSign and Icann have joined with two US government agencies to encrypt one of the fundamental internet protocols

VeriSign will administer encryption for the internet's Domain Name System, according to the organisation that oversees the fundamental internet address system.

Icann said on Wednesday that VeriSign will sign the Domain Name System Security Extensions (DNSSEC) at the root zone of the internet. The announcement suggests a resolution to a longstanding political argument about who would have responsibility for such encryption.

The US Department of Commerce's National Telecommunications and Information Administration and National Institute of Standards and Technology are working with Icann and VeriSign on the initiative.

In an interim arrangement between the participating organisations, VeriSign will manage and have operational responsibility for the zone signing key, while Icann will manage the key-signing-key process. Icann said it will work closely with VeriSign regarding the operational and cryptographic issues involved.

"This is very important for the global community of internet users. We will work closely with all participants on this crucial security initiative," Paul Twomey, president and chief executive of Icann, said in a statement.

The Domain Name System (DNS), the addressing system used to route information packets on the internet, has long been known to have numerous critical vulnerabilities. Due to the open nature of DNS architecture, DNS cache poisoning, which allows an attacker to falsely redirect a user, has been a recurrent problem since at least 2005. In 2008, security researcher Dan Kaminsky outlined a fundamental DNS flaw which forced multiple vendors to scramble to produce a patch.

The use of DNSSEC, an encrypted protocol, would mitigate many DNS flaws, but has so far been unworkable due to political tensions between DNS-using organisations, who have been unable to agree who would sign the root. This was recognised by the DNSSEC Deployment Working Group in 2005.

"Unfortunately, there are political issues," the working group said at the time. "The root is just another trust anchor but it is a 'special' one."

At the time of writing, Icann had not commented as to how these political issues had been resolved. However, Icann said in a statement that it "recognises the urgency surrounding the issue of electronically signing the internet's 'root zone'".

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.