Government to roll out DNSSEC
A few weeks ago Bruce Schneier wrote an article entitled “memo to the next president”. In it he offers several pieces of advice, including asking the president to use the government’s immense buying power to increase the security of products. The government’s buying power has been used before to influence products, whether deliberately or accidentally, and Schneier wants to see the government wield this power for the greater good. This is logical – after all, the government exists to provide for the greater good where no other actor is able to do it.
On the same theme, OMB recently announced that it was requiring all government agencies to start deploying DNSSEC, and gave them a deadline of January 2009. (See the Wikipedia page on DNSSEC if you don’t know what it is.) While it will almost assuredly be completed behind schedule (it is government, after all), it is great news. Simply put, DNS is inherently flawed. As was pointed out by commenters in a previous post, assuming that the first response is the correct one is just a bad idea. DNSSEC fixes all of that by enforcing digital signatures. Most commercial enterprises right now are simply applying the newest patch and leaving it at that. As everyone knows, though, continuing to try to patch over breaches in the dike will only work for so long – eventually you have to build a whole new dike (in this case, DNS). Hopefully, with such a large entity getting behind DNSSEC, we’ll see a large movement to it, and we can avoid the next DNS cache poisoning attack before it ever comes, because we all know it will.
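The difference between trusting the first response and enforcing signatures, as an added sketch that is not from the original post: two simulated resolvers receive the same constructed responses, with forged ones arriving first. Assumptions: the key is a toy built from Mersenne primes, textbook RSA stands in for a real RRSIG, the chain-of-trust check on the zone key is omitted, and all names, transaction IDs and addresses are constructed.

```python
import hashlib

# Constructed toy key built from two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                            # public modulus, published with E
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held by the zone

def digest(name, rdata):
    """Hash of the record contents that the signature covers."""
    return int.from_bytes(hashlib.sha256(f"{name}|{rdata}".encode()).digest(), "big")

def sign(name, rdata):
    """Zone side: textbook RSA signature, a stand-in for a real RRSIG."""
    return pow(digest(name, rdata), D, N)

def verify(resp):
    """Resolver side: check the signature against the zone's public key."""
    sig = resp["sig"]
    return sig is not None and pow(sig, E, N) == digest(resp["name"], resp["rdata"])

def matches(query, resp):
    """A response is a candidate if it echoes the query's ID and name."""
    return resp["txid"] == query["txid"] and resp["name"] == query["name"]

def first_response_resolver(query, responses):
    """Plain DNS behaviour: the first response that matches the query wins."""
    return next((r["rdata"] for r in responses if matches(query, r)), None)

def validating_resolver(query, responses):
    """Signature-enforcing behaviour: unsigned or altered responses are dropped."""
    return next((r["rdata"] for r in responses if matches(query, r) and verify(r)), None)

# Constructed sample traffic (reserved .example name, documentation addresses).
QUERY = {"txid": 0x1A2B, "name": "www.agency.example"}
GENUINE = dict(QUERY, rdata="192.0.2.10", sig=sign("www.agency.example", "192.0.2.10"))
SPOOFED = dict(QUERY, rdata="203.0.113.66", sig=None)    # forged, unsigned
RESIGNED = dict(SPOOFED, sig=GENUINE["sig"])             # real signature on altered data
ARRIVAL_ORDER = [SPOOFED, RESIGNED, GENUINE]             # forgeries win the race

if __name__ == "__main__":
    print("first-response:", first_response_resolver(QUERY, ARRIVAL_ORDER))
    print("validating:    ", validating_resolver(QUERY, ARRIVAL_ORDER))
```

The validating resolver returns nothing at all when only forged responses arrive, which is the failure mode operators should expect to see in logs as validation errors rather than as wrong answers.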
Tags: DNS, government