(WEB HOST INDUSTRY REVIEW) — Internet infrastructure services provider Afilias (www.afilias.info) will be deploying Domain Name System Security Extensions across its registry platforms, signing 13 more top-level domains and increasing DNSSEC deployment among domain registries by 50 percent.
According to Afilias’ Monday announcement, its “Project Safeguard” initiative will deploy DNSSEC extensions in 13 top-level domains not currently among the 26 TLDs that have already deployed DNSSEC.
Based on the proven strategy for the .ORG registry’s successful DNSSEC deployment effort, Afilias will adopt a similar, careful, step-by-step approach to the other domains starting with the .INFO domain in September, then moving on to TLDs it supports in Asia, Latin America, the Caribbean, and Europe.
Project Safeguard includes a registry and DNS infrastructure upgrade across Afilias’ global technology platforms to support DNSSEC. It also includes a year-long registrar training initiative to address technical issues in the implementation of DNSSEC in registrar-registry transactions.
“Afilias has been a leader in DNSSEC deployment, including working closely with .ORG to plan, design and implement the .ORG DNSSEC strategy as early as 2007,” Afilias executive vice president and chief technology officer Ram Mohan said in a statement. “We are pleased to introduce DNSSEC across our registry and DNS platform, protecting TLDs in our care from DNS cache poisoning and man-in-the-middle attacks, while maintaining consistency and convenience for registrars and their customers.”
DNSSEC development began in the early 1990’s, but it has only recently become ready for broad deployment as an additional security measure to protect the DNS from cache poisoning exploits. For instance, an exploit known as the Kaminsky bug can let malicious entities intercept Internet users’ requests to access a website, and redirect or eavesdrop on them without their knowledge, and with no ability to reassert control. To guard against this and other attacks, DNSSEC introduces digital signatures to the DNS infrastructure, automatically ensuring that users are not hijacked and taken to an unintended destination.
According to Afilias’ “Registrar DNSSEC Readiness Report”, registrars agree that DNSSEC is a good idea (four out of five said that TLD registries should offer DNSSEC) but nine out of ten say they are not yet fully prepared to actually offer DNSSEC services to their customers.
“Our goal is to help registrars navigate the challenges of enabling the next generation of Internet security with DNSSEC, by providing a simple and singular enablement process to easily deploy DNSSEC across Afilias-supported domain registries,” Mohan said. “The Project Safeguard initiative should ease the technical burden of DNSSEC deployment and could spur user adoption.”
No related posts.
