Security Tightened for .org DomainJune 2, 2009 – 3:04 PM
The Public Interest Registry will announce today that it has begun cryptographically signing the .org top-level domain using DNS security extensions known as DNSSEC.
DNSSEC is an emerging standard that prevents spoofing attacks by letting Web sites verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.
DNSSEC is viewed as the best way to bolster the DNS against vulnerabilities including the Kaminsky Bug, a DNS flaw discovered last summer that allows a hacker to redirect traffic from a legitimate Web site to a fake one without the user knowing.
“DNSSEC is a needed infrastructure upgrade,” says Alexa Raad, CEO of the Public Interest Registry (PIR). “It has passed the threshold of being a theoretical opportunity to being a practical necessity. The question then becomes: How do we make it work?”
With 7.5 million registered names, .org is the largest domain to deploy DNSSEC.
Current DNSSEC users include country code domains run by Sweden, Puerto Rico, Bulgaria, Brazil and the Czech Republic.
“Us signing the zone is a very important step, but it’s also a symbolic step,” Raad says. “A large [generic top-level domain] has now signed their zone. It will signal to all the other players in the chain that it is time to work very seriously on the software and applications to make DNSSEC viable in the near future.”