DOMAIN OWNERS will be able to certify themselves under changes rung in by the DNS Security Extensions system (DNSSec) that is expected to be the biggest upgrade to the Internet since the World Wide Web was introduced, according to the Internet Corporation for Assigned Names and Numbers (Icann).
Self-certification ensures that a web page really, really is from the stated provider, and so will eliminate many popular attacks, says Icann. Rod Beckstrom, chairman and CEO of Icann, told The INQUIRER that Vint Cerf, chief Internet evangelist at Google, had called the new system the most important change in the Internet since the development of the World Wide Web by Sir Tim Berners-Lee. It must be true, then.
Beckstrom held a press conference at Black Hat 2010 with Dan Kaminsky, the hacker who broke the existing DNS system, to explain the change.
"What DNSSec allows is that each party online can say not only am I sending you a mail but I can put a stamp on it so you can see it's real," said Kaminsky. "This isn't something we've had the ability to do on a wide scale."
The new system has already been integrated into the .org and .uk DNS top-level domains, and the team hopes that the low cost of entry and the security provided will prompt a major rollout.
The improved DNS security will cripple email and website spoofers and man-in-the-middle attacks by eliminating the ability of hackers to create false identities.
The DNSSec system is not perfect, Kaminsky admitted, but will raise the bar for hackers seeking to exploit the way the Internet works. µ
I guess it's so big to Google because they are already so hackable? Because comparing its impact to the creation of the HTTP protocol seems a bit bizarre to a normal person.
I did not know that the uk TLD was signed until today. Being curious, I checked a few more country TLDs; most countries are not, including France, Germany, Belgium, Canada, Australia and Netherlands, but the EU, Pitcairn Island, Brazil, Sweden, Denmark are.
To secure websites, surely the browser would need to check a signature in the web page and then verify it against the DNS records to validate the IP address. This would be a useful feature if you could ignore traffic requests to load content from other websites which are not signed by the zone.