[Unbound-users] (OT - FYI) US to implement DNSSEC for all .gov top level domains in 2009
7v5w7go9ub0o
7v5w7go9ub0o at gmail.com
Thu Aug 28 17:52:47 UTC 2008
<http://www.heise-online.co.uk/security/The-US-to-implement-DNSSEC-in-all-federal-offices--/news/111417>
The US government has called on all federal offices to take measures to
prepare their domains for DNSSEC. Starting in January 2009, the US
government will use DNSSEC for all .gov top level domains Second level
domains for federal offices will follow. The move is the US government's
reaction to the increasing threat of cache poisoning attacks on name
servers, which make it possible to redirect even .gov addresses to
servers controlled by criminals.
With the DNSSEC extension, all responses to a name server are signed,
allowing the recipient to verify via public key infrastructure (PKI)
whether they are authentic responses derived from the responsible name
server. International implementation of DNSSEC has so far been hampered
by disagreements over who would control the PKI.
While the implementation schedule for DNSSEC appears to be rather
generous, federal offices tend to move rather slowly. Government offices
are scheduled to have their initial plans for the implementation ready
by early September. By December 2009 DNSSEC is supposed to be
established for all second level domains under .gov.
More information about the Unbound-users
mailing list