Via SecurityFocus -
The U.S. government issued a memo last week mandating that all major agencies adopt a proposed technology to enable trusted lookups of domain information by December 2009.
The technology, known as DNSSEC, promises to secure the domain name system (DNS) against attempts to subvert the infrastructure, such as the cache poisoning attack found by researcher Dan Kaminsky earlier this year. However, the system requires public-key cryptography to secure communications with names servers as well as validate the identity of authoritative servers. Because of the technical hurdles -- and the political problems in designating companies or governments to hold the keys to the domain-name system -- both governments and private sector companies have held off deploying DNSSEC for more than a decade.
In a memo (pdf) to agency chief information officers, Karen Evans, Adminstrator for the Office of E-Government and Information Technology at the White House's Office of Management and Budget, said its time to lock down the infrastructure.
"The Government's reliance on the Internet to disseminate and provide access to information has increased significantly over the years, as have the risks associated with potential unauthorized use, compromise, and loss of the .gov domain space," Evans wrote.
No comments:
Post a Comment