So says this news bulletin. Via ICANN’s [ga] mailing list.

The US government has called on all federal offices to take measures to prepare their domains for DNSSEC. Starting in January 2009, the US government will use DNSSEC for all .gov top level domains Second level domains for federal offices will follow. The move is the US government’s reaction to the increasing threat of cache poisoning attacks on name servers, which make it possible to redirect even .gov addresses to servers controlled by criminals.

With the DNSSEC extension, all responses to a name server are signed, allowing the recipient to verify via public key infrastructure (PKI) whether they are authentic responses derived from the responsible name server. International implementation of DNSSEC has so far been hampered by disagreements over who would control the PKI.

While the implementation schedule for DNSSEC appears to be rather generous, federal offices tend to move rather slowly. Government offices are scheduled to have their initial plans for the implementation ready by early September. By December 2009 DNSSEC is supposed to be established for all second level domains under .gov.

Tags: DNSSEC, PKI, cache poisoning, .gov, dot gov

Posted by Antony in: Domains