International politics slows full deployment of DNSSEC
- By William Jackson
- Jun 25, 2009
A growing number of generic top-level domains, including .gov and .org, are deploying DNS Security Extensions to help ensure the reliability of the Domain Name System. But full deployment of the extensions is moving at a glacial pace.
Part of the problem is the complexity of managing the cryptographic keys used to sign DNS data and authenticate queries and responses. But one Commerce Department official said another part of the problem is international concern about the United States controlling the Internet. In many cases, the challenges faced are diplomatic rather than technical. The official likened the process of bringing the international community on board to herding cats.
Commerce has put much of the job of managing the Internet into the hands of the Internet Corporation for Assigned Names and Numbers, a nonprofit organization formed for that purpose. But Congress is unwilling to give up its oversight of a network the Defense Department originally created, and that worries some who see the Internet as a global resource.
Individual entities can handle many aspects of Internet security at the endpoints. But because DNS underlies virtually all Internet activity, securing it effectively is best done at a higher level. Hopefully, deploying DNSSEC won’t prove to be as challenging as achieving peace in the Middle East.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.