a sign that DNSSEC is real.
"What I think you should take away from this as corporate IT managers is that DNSSEC is coming. DNNSSEC is real, and it's out of the experimental stage,'' Daigle says. "It's OK to buy products and equipment to support it.''
Network managers also should take a good look at DNSSEC because of the Kaminsky bug, experts say. This is especially true of industries such as banking and e-commerce that battle phishing attacks.
The Kaminsky bug "is a verifiable and credible business case for actually deploying DNSSEC, not just in the government but in private industry,'' Joffe says. "The only solution we know of that is 100% correct in solving the problem of DNS cache poisoning is DNSSEC.''
Reprinted with permission from Networld World. Story copyright 2008 Networld World Inc. All rights reserved.
Comments
The RFC 2065 you are linking to in your article is obsolete.
Current DNSSEC RFCs are 4033 + 4034 + 4035 and others.
Please see the DNSSEC.net website for all related DNSSEC RFCs.
Post new comment