Working Around Slow US Gov. On DNS Security 91
alphadogg writes "Last fall, the US government sought comments from industry about how better to secure the Internet by deploying DNSSEC on the root zone. But it hasn't taken action since then. Internet policy experts anticipate further delays because the Obama Administration hasn't appointed a Secretary of Commerce yet, the position that oversees Internet addressing issues. Meanwhile, the Internet engineering community is forging ahead with a stopgap to allow DNSSEC deployment without the DNS root zone being signed. Known as a Trust Anchor Repository, the alternative was announced by ICANN last week and has been in testing since October."
DNSSEC overrated (Score:3, Insightful)
It's not about security, it's just another way to collect toll on the information superhighway.
I'm sure the CAs are rubbing their hands in glee.
They're not only going to collect money for SSL certs for www.yourdomain.com. Now they get to collect money to sign the "yourdomain.com" DNS entry as well.
And Verisign gets to triple dip if not more.
And a good thing too. (Score:3, Insightful)
Apart from the certificate trust scam ("trust us, for you give us money"), too many non-us governments (and non-us non-governmental people, natural or otherwise), won't accept a us govt held root. And why should they?
Yes, arguably a fragmented root it not as good as it should be, but a root held by a single entity, especially one as "trustworthy" as the one with the power to push this through, might, in the long or not so long term, easily cause a plethora of split DNS universes. Which is lots worse.
It really is too bad that the most vocal people with the technical knowledge to understand the impact choose to ignore the politics involved. Yes, smart move people, that will make the issues go away real good.
More on this, at 11 (Score:5, Insightful)
Re:Working around government? (Score:3, Insightful)
I think Washington would still be protecting the horse breeders and the stable hand union.