Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/4/2009
02:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

ICANN To Work With NTIA, NIST, Verisign On Interim Solution To Core Internet Security Issue

Organizations working on the goal of an operationally Signed Root Zone as soon as feasible in 2009

Washington, D.C.—June 3, 2009—ICANN will work with the U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA), the National Institute of Standards and Technology (NIST) and VeriSign on the goal of an operationally Signed Root Zone as soon as feasible in 2009.

In a letter agreeing to participate, ICANN recognizes the urgency surrounding the issue of electronically signing the Internet's "root zone" but stresses the need for this process to be interim.

"We've been working towards a signed root for more than three years. In fact, ICANN has operated a root zone signing test bed for more than two years. So ICANN is aware of the urgency around signing the root to enhance stability and security" Paul Twomey, President and CEO of ICANN said.

"ICANN has agreed to work with VeriSign and the Department of Commerce to first test, and then have production deployment of DNS Security Extensions (DNSSEC) as soon as feasible without prejudice to any proposals that may be made for long term signing processes" said Twomey.

"There will of course need to be consultations with the Internet technical community as the testing and implementation plans are developed" he added.

The NTIA asked for input from the Internet community in October 2008 on the issue of securing the top level of the domain name system (DNS) from vulnerabilities that threaten the accuracy and integrity of the DNS data. Vulnerabilities in the existing DNS have become easier to exploit to the extent that malicious parties may be able to distribute false DNS information, and to re-direct Internet users.

Details of the process are still being worked on but discussions between the Department of Commerce and VeriSign and ICANN have identified that VeriSign will manage and have operational responsibility for the Zone Signing Key in the interim arrangement, and that ICANN will manage the Key Signing Key process. ICANN will work closely with VeriSign regarding the operational and cryptographic issues involved.

"This is very important for the global community of Internet users. We will work closely with all participants on this crucial security initiative." Twomey said.

For more information on DNSSEC deployment, please visit: http://www.icann.org/en/announcements/dnssec-qaa-09oct08-en.htm.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff 10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15270
PUBLISHED: 2020-10-22
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not pa...
CVE-2018-21266
PUBLISHED: 2020-10-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2018-21267
PUBLISHED: 2020-10-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2020-27673
PUBLISHED: 2020-10-22
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
CVE-2020-27674
PUBLISHED: 2020-10-22
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.