DNS Risks and DNSSEC
Time 02/08/06 11:00AM-11:25AM
Recent surveys, such as one by Consumer Reports, have found that end-users are decreasing their trust in the Internet and reducing their use of services such as Internet banking. Users still act as though name lookups result in their packets going to the end host they have chosen (in other words, that the DNS is secure), but as tools against phishing gain traction, there are more attacks where the name is correct, but the lookup itself, the security of the DNS resolution, is compromised. The addition of the DNS security extensions (DNSSEC for short) to the DNS allows enabled systems to detect cases of compromised DNS systems. This talk discusses DNS risks today, some technical aspects of DNSSEC, including its performance in a critical infrastructure deployment at RIPE NCC, and some issues for broad adoption of DNSSEC. We expect to raise for discussion (or hallway talk) some points specific to the R&E environment, e.g. strong administrative skills, distinctive goals and end-users, and sometimes informal arrangements of DNS operations such as secondaries.