[kictanet] Domain Name Security Paper Released]

alice alice at apc.org
Fri Jul 25 12:53:01 EAT 2008 


http://www.icann.org/en/announcements/announcement-24jul08-en.htm 
<http://click.icptrack.com/icp/relay.php?r=9826720&msgid=163486&act=9MXL&c=165637&admin=0&destination=http%3A%2F%2Fwww.icann.org%2Fen%2Fannouncements%2Fannouncement-24jul08-en.htm> 

------------------------------------------------------------------------

Domain Name Security Paper Released

24 July 2008

Marina Del Rey, Calif: For many years, the Internet community has been 
developing and enhancing a Domain Name System (DNS) security technology 
called DNSSEC.

ICANN's strategic 
<http://click.icptrack.com/icp/relay.php?r=9826720&msgid=163486&act=9MXL&c=165637&admin=0&destination=http%3A%2F%2Fwww.icann.org%2Fen%2Fstrategic-plan%2F> 
and operating 
<http://click.icptrack.com/icp/relay.php?r=9826720&msgid=163486&act=9MXL&c=165637&admin=0&destination=http%3A%2F%2Fwww.icann.org%2Fen%2Ffinancials%2Fadopted-opplan-budget-v3-fy09-25jun08-en.pdf> 
[PDF, 480K] plans call for ICANN to be operationally ready to deploy 
DNSSEC at the root level and work with relevant stakeholders to 
determine how this should be implemented. With input from many 
stakeholders, ICANN has prepared a document describing this path to 
operational readiness for signing the root.

The purpose of this paper 
<http://click.icptrack.com/icp/relay.php?r=9826720&msgid=163486&act=9MXL&c=165637&admin=0&destination=http%3A%2F%2Fwww.icann.org%2Fen%2Fannouncements%2Fdnssec-paper-15jul08-en.pdf> 
[PDF, 342K] released today is to:

a) articulate ICANN's initiatives toward operational readiness for 
DNSSEC signing; and

b) help determine the right structures so ICANN is "…prepared to 
digitally sign the root using DNSSEC technology by late 2008", as 
directed in the July 2008 – June 2011 ICANN Strategic Plan after 
consultation with stakeholders and having sought the necessary approvals.

Specifically, this document is not a roadmap for DNSSEC deployment.

Ultimately, this roadmap will be developed by a community consultation 
process, and require relevant approvals through ICANN's IANA functions 
contract with the U.S. Department of Commerce. A public forum has been 
established at http://forum.icann.org/lists/dnssec-roadmap/ 
<http://click.icptrack.com/icp/relay.php?r=9826720&msgid=163486&act=9MXL&c=165637&admin=0&destination=http%3A%2F%2Fforum.icann.org%2Flists%2Fdnssec-roadmap%2F> 
and ICANN actively seeks your input on this important matter. Email 
comments to dnssec-roadmap at icann.org <mailto:dnssec-roadmap at icann.org>

In addition recently, a prominent security researcher privately reported 
two domain name system (DNS) vulnerabilities to many DNS name server 
developers.

DNSSEC would be a solution to these vulnerabilities.

The details of the vulnerabilities have not yet been disclosed publicly 
at this stage so that developers can produce patches to reduce the 
threat these vulnerabilities pose. Private disclosures of this kind also 
give DNS operators an opportunity to patch systems before the 
vulnerabilities can be exploited for malicious or criminal purposes. 
ICANN understands there will be a public announcement of these 
vulnerabilities by the researcher in coming weeks.

This vulnerability does not affect root-level servers or services that 
provide authoritative name service at the top level. But it does 
represent a threat for domain name servers that operate between end 
users and the root; servers operated by Internet Service Providers or 
large enterprises. Commercial service providers in general are aware of 
this issue, and are working with vendors to update their software to the 
latest versions.

ICANN's Security Stability Advisory Committee will be examining this 
issue and may report more fully later. ICANN urges any entity operating 
name services to update to the current versions to provide greatest 
protection.

Glen de Saint Géry

GNSO Secretariat

gnso.secretariat at gnso.icann.org

http://gnso.icann.org

 

 

-------------- next part --------------
_______________________________________________
AfrICANN mailing list
AfrICANN at afrinic.net
https://lists.afrinic.net/mailman/listinfo.cgi/africann

More information about the KICTANet mailing list