Whether the IETF should use its resources to encourage DNS registries,
ISPs and enterprises to upgrade to the ultimate DNS security solution,
DNSSEC, or whether it should tweak the DNS protocols to address the
so-called Kaminsky bug as an interim step was debated at a meeting
of the IETF held in Minneapolis last week, reports Network World.
"The problem is that DNSSEC prevents Kaminsky attacks only when it is
fully deployed across the Internet -- from the DNS root zone at the top
of the DNS hierarchy down to individual top-level domains, such as .com
and .net. Until then, Web sites remain vulnerable to Kaminsky-style
attacks."
The article concludes, "Getting the root signed is the '800-pound
gorilla in the middle of the room,' says IETF participant Paul Hoffman,
an Internet security expert who sent a comment to the NTIA. 'Let's say
the root is signed tomorrow. Let's say all the important top-level
domains are signed. It's still no good unless all of the domains are
signed. You can't just deploy DNSSEC. You have to deploy it
universally.'"
To read this Network World article in full, see www.networkworld.com/news/2008/112008-ietf-dns-debate.html or www.pcworld.com/article/154272/.html.
David Goldstein

