Feds Tighten DNS Security On .Gov 140
alphadogg writes "When you file your taxes online, you want to be sure that the Web site you visit — www.irs.gov — is operated by the Internal Revenue Service and not a scam artist. By the end of next year, you can be confident that every U.S. government Web page is being served up by the appropriate agency. That's because the feds have launched the largest-ever rollout of a new authentication mechanism for the Internet's DNS. All federal agencies are deploying DNS Security Extensions (DNSSEC) on the .gov top-level domain, and some expect that once that rollout is complete, banks and other businesses might be encouraged to follow suit for their sites. DNSSEC prevents hackers from hijacking Web traffic and redirecting it to bogus sites. The Internet standard prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption."
Just what they want you to think (Score:4, Insightful)
The easiest way entrap a victim is to promote a feeling of security.
Nothing says 'rob me blind' than 'trust us'.
Glad they fixed that (Score:2, Insightful)
Now if only... (Score:3, Insightful)
SSL, anyone? (Score:3, Insightful)
What does DNSSEC buy me if I use https?
And if irs.gov isn't supporting https, wouldn't that be the place to start, rather than DNSSEC?
HOORAY. This is a GOOD THING. (Score:4, Insightful)
Re:Banks? (Score:3, Insightful)
Why? Don't we have enough laws that attempt to legislate technology? Yes it's a desirable technology, but do we really need to be chained to it with a law that two decades from now will solely be an obstacle to implementing the next new desirable technology?
Banks and other businesses will move to it once they see a good business case in doing so. Let that decide matters.
Please understand, I'm not a laissez faire sort of fellow most of the time. But if you have the government start trying to decide how the core mechanics of the internet work, and I guareentee you whatever small benefit you gain from the initial decision will be drowned out by the stagnation that results later on.
Re:Just what they want you to think (Score:5, Insightful)
"you can be confident that every U.S. government Web page is being served up by the appropriate agency."
The easiest way entrap a victim is to promote a feeling of security.
I would venture a guess: any visitor to *.gov who doesn't know what a packet is (i.e. at least 95% of the public) will already feel secure. Also, since the difference between secure DNS and insecure DNS will be absolutely invisible to them (presumably), they won't feel any more or less secure now. Or they won't know what the difference between the green padlock and the yellow padlock is. At any mention of the secure DNS in the press, these 95% of visitors will have forgotten about it the next day [just as I might].
Bottom line: no one who doesn't deal with computers either professionally or as a hobby will notice. Their feeling of security will be unaffected.
Re:Banks? (Score:3, Insightful)