Internet domain Name System (DNS) security reached critical milestone
Source: Internet
Author: User
KeywordsSecurity ritual release Internet we
NET net translation http://www.aliyun.com/zixun/aggregation/17197.html "> Beijing time June 18 News, the dream of tightening security screws for Internet domain Name System in Wednesday again to the reality of a step, this day, Internet policymakers held a simple and solemn ceremony in North Virginia State to generate and store the first key that will be used for Internet root domain security.
This key publishing ceremony is one of the final steps in the Internet root domain DNS security extension (DNSSEC) development process. DNSSEC is a new standard for Internet protection against fraudulent attacks, allowing Web sites to authenticate domain names and corresponding IP addresses using digital signatures and public keys.
"The key publishing ritual will generate a master root key that can provide signatures for all other keys," explains VeriSign's CTO, Ken Silva. VeriSign operates two of the 13 Internet root servers, which mainly provide registration services for. com and. NET top-level domains. "It is necessary to first create a legally binding key one months before the actual launch of DNSSEC so that we can test it." ”
DNSSEC plans to deploy throughout the Internet infrastructure architecture, starting with the root server at the top of the DNS hierarchy, first to servers running. com,. NET, and other top-level domain names, and then to servers that provide cached content services for many Web sites.
Once widely deployed, DNSSEC will be able to effectively prevent cache poisoning attacks, which redirect Internet traffic from legitimate Web sites to phishing sites where no site operators or users do not know. Cache poisoning attacks are a serious vulnerability in DNS that was publicly disclosed by security researcher Dan Kaminsky in 2008.
The Wednesday key release ceremony was hosted by ICANN in a secure data center in the city of Virginia State Calpepa. A similar key release ceremony will be held in Los Angeles in July.
The key publishing ceremony is to explain to the Internet engineering community how to safely generate and store keys for the root domain. Participants included ICANN staff and DNS experts from around the world. The whole process of key generation and storage is notarized.
"Experts from all over the world will be involved in the process of creating keys for DNS top-level domain names," said Steve Croker, chief executive of the Internet security expert and Shinkuro company. "They are witnesses and oversee the process in a fair and strict compliance situation." ”
These two key release ceremonies are the final steps before the large-scale deployment of DNSSEC, and the second announcement is scheduled for July 15.
From now until July 15, the root server operators will be DNSSEC to test the additional.
"We will try to test as many of the scenarios as we might think," Silva said. "We will test the key length, key reversal, key expiration, and all other problems that may occur." We want to test the response of the system to see if our monitoring and detection can capture all of this. ”
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.