Individual Members 

[Press release Stockholm, Sweden, 28 July 2009] – Some of the world’s leading experts met in Stockholm today to discuss how the Internet can become more secure through a full implementation of new security standards in the Domain Name System (DNS).

The Domain Name System is a critical operational element of the Internet, creating a user-friendly environment that allows names to be mapped to host addresses (for example, web and email servers). However, this system is not safe from tampering.

Many experts are calling for a full-scale implementation of Domain Name Security Extensions (DNSSEC) which could protect the Internet from certain types of attacks, such as the Kaminsky Bug.  Patrik Wallström of .SE (the Top Level Domain Registry for Sweden) explained that Kaminsky attacks can trick Internet users by taking over domain names and redirecting queries to another server. All applications are at risk including among others our email and online transactions.

Leslie Daigle, Chief Internet Technology Officer of The Internet Society (ISOC), which organised the event: “DNSSEC effectively wraps tamper proof packaging around the data being requested to assure the user that the information is what was shipped from the authentic source”.

“While DNSSEC isn’t a magic bullet, it is a very important starting point that allows us to start evaluating how to secure the many applications that are intertwined with the Domain Name System,” explained Jim Galvin, speaking on behalf of the Public Interest Registry that manages the .org domain name, and which implemented DNSSEC on the .org domain earlier this year.

Richard Lamb, DNSSEC Programme Manager of ICANN added that “momentum has been building up. Today there is a generalised awareness that we need to implement the security extensions already at the root of the domain name system.”

Matt Larson, Vice President of DNS research at VeriSign, one of the world’s leading providers of network infrastructure services discussed VeriSign’s plans for deploying DNSSEC in .com and .net. He said: “We are committed to the application of DNSSEC and have had a long history of involvement in its development. We are planning to have .net signed by the end of 2010 and .com signed in early 2011″.

Securing the DNS panelists:

• Patrick Wallström, .SE
• Richard Lamb, ICANN
• Olaf Kolkman, NLnet Labs
• Leslie Daigle, The Internet Society
• Jim Galvin, Aflias, on behalf of Public Interest Registry
• Matt Larson, Verisign

More details of the event, including presentations at:

• Event site
• Securing the DNS background paper