ACM TechNews

Experts Accuse Bush Administration of Foot-Dragging on DNS Security Hole

Wired News (08/13/08) Singel, Ryan

Security experts charge that bureaucratic lassitude at the U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA) is responsible for a major, lingering security hole in the Internet's domain name system (DNS). Experts and the NTIA concur that DNSSEC, a series of security extensions for name servers, is the only solution for a flaw that allows hackers to redirect Web traffic at will by feeding fake information into DNS listings. DNS servers function in a massive hierarchy, which means that the successful deployment of DNSSEC requires having a trustworthy party sign the root file with a public-private key pair. "The biggest difference is that once the root is signed and the public key is out, it will be put in every operating system and will be on all CDs from Apple, Microsoft, SUSE, FreeBSD, etc.," says Sparta's Russ Mundy. NTIA's refusal to implement DNSSEC is a purely political move, as the technical difficulties of implementation have been addressed, says Packet Clearing House research director Bill Woodcock. NTIA's Bart Forbes says the administration has a responsibility to explore all possible solutions with all stakeholders before committing to DNSSEC, while even the most committed DNSSEC advocates acknowledge that Internet-wide installations of the extensions will consume a lot of time and money. The Internet Assigned Numbers Authority has spent the last year prototyping a system to sign the root-zone file, but it requires approval from the Commerce Department to do the same for the top Internet servers, at which point the issue becomes politically charged "because there seems to be the perception that the introduction of a key guardian changes the current policies," says Dutch networking expert Olaf Kolkman.

http://blog.wired.com/27bstroke6/2008/08/experts-accuse.html


© Copyright 2008 Information, Inc. This service may be reproduced for internal distribution.