IETF: Should We Ignore the Kaminsky Bug?

Should the IETF use its resources to encourage DNS registries, ISPs and enterprises to upgrade to the ultimate DNS security solution, DNSSEC, or should it tweak the DNS protocols to address the so-called Kaminsky bug as an interim step? That question was debated at a meeting of the IETF held in Minneapolis last week, reports Network World.

“The problem is that DNSSEC prevents Kaminsky attacks only when it is fully deployed across the Internet — from the DNS root zone at the top of the DNS hierarchy down to individual top-level domains, such as .com and .net. Until then, Web sites remain vulnerable to Kaminsky-style attacks.”

The article concludes, “Getting the root signed is the ‘800-pound gorilla in the middle of the room,’ says IETF participant Paul Hoffman, an Internet security expert who sent a comment to the NTIA. ‘Let’s say the root is signed tomorrow. Let’s say all the important top-level domains are signed. It’s still no good unless all of the domains are signed. You can’t just deploy DNSSEC. You have to deploy it universally.’”

To read this Network World article in full, see or
