PAB [Fwd: Security issues]



fyi
-- 
Robert Shaw <robert.shaw@itu.int>
Advisor, Global Information Infrastructure
International Telecommunication Union <http://www.itu.int>
Place des Nations, 1211 Geneva, Switzerland


We are in the midst of engineering changes to the DNS system worldwide.  The
need for such changes in the area of trademark protection, number of TLDs, etc.
has become readily apparent so it is natural and appropriate to take action. 
Problems in these areas have become so severe as to generate lawsuits which so
often serve as the wake-up call (at least in the U.S.).

I submit that the security of the DNS infrastructure and data it maintains is
just as vital to the continued growth of the Internet as other DNS issues which
have gathered so much attention.

DNS has had a typical history of security issues that have developed as the
Internet has grown.  We have experienced problems with spoofed DNS data,
trusting unsolicited data, implementation errors, and even too much trust being
placed in DNS data returned by its legitimate, authoritative server.

Our challenge is to make sure we leverage every opportunity to address security
issues now in order to minimize security problems in the future.  Once a set
of “game rules” is established, the market incentive for Registrars and
Registries will be to inventively search out and adopt those practices that are
the most cost-effective for them in the short term.  After these become
established, many opportunities may be lost.

Areas that I believe might be profitably addressed now - before the Registrars
and Registries become established - include:

+ DNSsec - The DNSsec protocol is ready, but how do we encourage worldwide
deployment?  Registries and Registrars should be required to support it, of
course.  Are there ways they can encourage individual sites to also deploy it? 
Perhaps require DNSsec of “large” sub-domains?  Require two-tiered pricing
(surcharges for non-compliant sub-domains)?

+ Software Implementations - The implementations for Registry/Registrar
communications must use both strong security algorithms and best-known
practices for their design and implementation.  Strong consideration should be
given to requiring that source code be available for some level of public
review.

+ Crypto - Building on John Gilmore’s success in distributing DNS software with
crypto authentication, it may be possible to coordinate clear worldwide support
for such export for DNS purposes.  It may also be possible to obtain a U.S.
waiver for certain encrypted DNS information, if some protocols need it,
similar to what the banking industry is permitted to do.

+ Funding - The new Registrars and Registries are intended to profit from the
existence and continued well-functioning of the Internet infrastructure.  It
may be appropriate for that profit to support the infrastructure, for example
by funding continued development on a public version of Bind?  ISC may already
have this specific effort under control.  In any event, this should be part of
a broader discussion of how best to support the Internet infrastructure and
“taxes”.

+ Contact information - In the same vein as having a requirement for contact
information for resolving trademark disputes, perhaps there should be a
requirement for security contact information.

These are my personal comments and are not intended to reflect the position of
CERT/CC, the SEI, or CMU.  I would be happy to discuss these in more detail
with anyone interested.  I can be best reached at jte@cert.org.

                                        -- Jim Ellis