Dana Blankenhorn has been a journalist, writer and part-time futurist for over 30 years.
Over the past 10 years, there have been numerous attacks on the DNS system.
Successful cache poisonings have caused, and continue to cause millions of dollars in damage and tens of thousands of virus infected PCs.
As of now, pretty much every computer on the Internet can use/validate PKI, there is absolutely no reason why we are not only using secure DNS, but also secure (source authenticated at the very least) email.
Imagine what would happen to your daily spam load from that alone. The only question is why has this NOT happened yet?
A collection of European Internet insiders have announced OpenDNSSEC, a project aimed at managing the security of domain names on the Internet.
The group notes that DNS caches are no longer secure, and a white paper says the automated checks will make the creation of secure zones automatic, combining DNS records and digital signatures.
Sponsors are in Europe include the English registry Nominet, NLnet Labs of the Netherlands, the Internet Infrastructure Foundation .SE in Sweden, the Swedish Kirei AB consultancy, SIDN, which maintains the .NL Netherlands domain, and SURFnet, which handles the same country’s university network, and English DNS consultant John Dickinson.
Secure domain name abuse is one of the main tools hackers have for getting past security systems, and making domains tougher to forge is something that is devoutly to be wished. The announcement of OpenDNSSEC follows an Internet Engineering Task Force meeting in Sweden.
The poisoning of DNS cache has become commonplace since Dan Kaminsky demonstrated how the DNS security model is flawed two years ago.
