The Internet Corporation for Assigned Names and Numbers (ICANN) is opening a comment period on the Public Interest Registry’s (PIR) proposed implementation of DNS Security Extensions (DNSSEC) in .ORG. The Public Interest Registry (PIR) is a not-for-profit corporation created by the Internet Society (ISOC) and is a major source of funding.The Internet Society of New York is a Chapter of ISOC.
DNSSEC digitally signs DNS records but doesn’t encrypt DNS traffic. DNS responses are validated as legitimate and not hacked or tampered with. This ensures users don’t get sent to phishing sites when requesting a legitimate website. DNS security has increasingly become a concern, with DNS being prone to this type of attack, as well as being vulnerable to distributed denial-of-service (DDOS) attacks such as the one that temporarily crippled two of the Internet’s 13 DNS root servers last year.
ICANN has made a preliminary determination that the PIR proposal requires further consideration by ICANN’s Registry Services Technical Evaluation Panel (RSTEP) because the new service could raise significant security or stability issues.
Under the terms of the Registry Services Evaluation Policy, the RSTEP shall have 45 calendar days from the referral, until 5 June 2008, to prepare a written report regarding the proposed Registry Service’s effect on security and stability. The report (along with a summary of any public comments) will be forwarded to the ICANN Board. The report will set forward the opinions of the RSTEP, including, but not limited to, a detailed statement of the analysis, reasons, and information upon which the panel has relied in reaching their conclusions, along with the response to any specific questions that were included in the referral from ICANN staff.
A copy of the proposed PIR amendment is available at http://www.icann.org/tlds/agreements/org/proposed-org-amendment-23apr08.pdf [PDF, 25K]. The amendment is a change to Section 3.1c(i) of the .ORG Registry Agreement. Comments on the PIR proposal and amendment submitted to pir-dnssec-proposal@icann.org will be considered until 23:59 UTC 24 May 2008. Public comments will be available for consideration by the RSTEP Review Team and the ICANN Board, and may be viewed at http://forum.icann.org/lists/pir-dnssec-proposal/. All documents related to the PIR proposal are available at http://www.icann.org/registries/rsep/#2008004.
ICANN plans to switch to DNSSEC later this year for its .arpa Internet domain servers.
Country domains .swe (Sweden), .br (Brazil), and .bg (Bulgaria ) already run DNSSEC for their domain servers.