EPIC Supports PIR DNSSEC proposal for .ORG

  • To: pir-dnssec-proposal@xxxxxxxxx
  • Subject: EPIC Supports PIR DNSSEC proposal for .ORG
  • From: Marc Rotenberg <rotenberg@xxxxxxxx>
  • Date: Sat, 24 May 2008 13:11:58 -0400

Comments of the Electronic Privacy Information Center (EPIC) on the Public Interest Registry (PIR)'s proposed implementation of DNS Security Extensions (DNSSEC) in .ORG

May 24, 2008

Washington, DC


These comments provide the viewpoint of the Electronic Privacy Information Center (EPIC) on DNSSEC in response to your Request for Proposal on the Public Interest Registry's proposed implementation of DNSSEC in .ORG, as mentioned on http://www.icann.org/announcements/announcement-23apr08.htm .

DNSSEC will significantly improve the authentication of the servers that provide domain names and therefore the paths to websites and other Internet services for end users. Whereas an Internet user with unsecured DNS can only guess about the authenticity of the server which provides his browser with the IP address for a given domain name, with DNSSEC users can validate the identity of the DNS server. This provides enhanced security for end users, as it becomes increasingly difficult for criminals to act as a benign DNS server. Phishing involves three steps: setting up a fraudulent web site to collect information, getting people to go to the site (usually via spam), and collecting the information. Directing users to the fraudulent website becomes increasingly difficult if users only use authenticated DNS servers.

EPIC has previously stressed the importance of privacy protection and transparency for a wide range of Internet standards, including Microsoft Passport, the P3P protocol, and WHOIS. Whether it is data collection, processing, or dissemination, user privacy is served by transparency of these services. EPIC supports the enhanced transparency that DNSSEC provides. Our comments will focus on two issues: policy surrounding DNSSEC; and DNSSEC technology. Section two focuses on policy issues such as the owner of the root zone key, user transparency and education and the broadness of security DNSSEC provides. In Section three, we focus on the most important technology issue from a privacy perspective. EPIC provides a short conclusion and recommendations in section four.

2. Policy surrounding DNSSEC

Fully inform users about the reach of the DNSSEC protocol

Transparency for the user about DNSSEC's processes is the first step to creating a better understanding for users about how to use the Internet and specifically browse the web more securely and safely. It is important that users understand the extent to which DNSSEC improves security on the Internet. Users should understand that DNSSEC authenticates the mapping between the IP address and the DNS name, but it doesn't verify the intent with which the DNS server issues the address. In other words, a user could still be tricked into visiting a malicious website by clicking on a domain name that looks like a legitimate domain but is in fact not—for example, the domain mybank-security.com instead of mybank.com. With DNSSEC a DNS server can also still provide a spoofed IP address by simply not providing a digitally signed response, or by providing a response with an incorrect signature; users will need tools that can warn the user that a domain name that is normally signed is suddenly not signed, or that the signature is incorrect. The problems that users face here will be similar to the problems that users face today when visiting websites with invalid SSL certificates. EPIC is confident that future tools will be able to do a better job protecting users using the security information that DNSSEC will provide.

DNSSEC also does not assure that legitimate websites do not misuse the user’s information once it is received. For example, DNSSEC does not protect consumers against websites that receive confidential information and then share it in violation of the site’s posted privacy policy. Users should be informed that DNSSEC doesn't protect against this type of fraud.

Promote transparency of DNSSEC for end users

The implementation of DNSSEC at the user interface is critical to how users will experience DNSSEC's security and privacy features. Human judgment is essential when users consider the implications of a service on their privacy. Relying on a system alone, without human judgment to utilize DNSSEC requests, makes the user vulnerable to errors in the system. EPIC proposes the development and endorsement of a transparent and user-friendly way to help users verify a DNSSEC request and help them make judgments on the trustworthiness of other requests. Such an interface would transport the transparency of DNSSEC to the end user and allow him to make informed decisions regarding security and privacy. An example of such a visualization is the Firefox Drill extension: http://www.nlnetlabs.nl/dnssec/drill_extension.html .

Any entity that owns the root zone should be transparent about its intents and activities and be held accountable for its actions

The root zone provides the highest level of authentication on DNSSEC from which lower zones derive their authenticity. The proposal now states that PIR will self-sign the .ORG zone initially. As Bernard Turcotte (president of the Canadian Internet Registration Authority) pointed out, the owner of the root zone has significant power over the DNS and DNSSEC. EPIC proposes that any entity owning or regulating the keys in the root zone is transparent about its intent and activities concerning DNSSEC and installs procedures to be held accountable for its actions regarding DNSSEC.

3. Technology issues with DNSSEC

Attach NSEC3 to DNSSEC in .ORG and audit security of system

As presently envisioned, DNSSEC is set up to respond to a request for a non-existent domain name with an authenticated denial of existence report. EPIC stresses that information about which domain names do and do not exist greatly increases the probability of security breaches. The attachment of the NSEC3 protocol, which provides an encrypted response to a query of a non-existent domain name, would guarantee that information about which DNS names do and do not exist is not returned to users in a way that increases the network's exposure to security breaches. EPIC supports the proposed attachment of NSEC3 to DNSSEC and we would like to stress that an audit of the security that DNSSEC with NSEC3 provides is essential for increasing the security of the DNS.

4. Conclusion

EPIC supports the PIR initiative to establish DNSSEC for the .ORG domain. The implementation of DNSSEC for the .ORG domain is a promising step to make the Internet more secure and transparent for end users. EPIC supports this transparency, because users will be more informed about the websites they are surfing, the FTP sites to which they connect, and the mail servers through which they send messages.

EPIC has the following comments about implementing DNSSEC for the .ORG domain:

Fully inform users about the reach of the DNSSEC protocol
Promote transparency of DNSSEC for end users
Any entity that owns the root zone should be transparent about its intents and activities and be held accountable for its actions
Attach NSEC3 to DNSSEC in .ORG and audit security of system

EPIC hopes that the implementation of DNSSEC in the .ORG domain will lead to a more secure and transparent way for end users to use the Internet. We recommend a thorough evaluation of the implementation and when the results are positive, research possible extensions of DNSSEC to other domains on the Internet.

Marc Rotenberg, Executive Director
David Riphagen, Research Assistant
Electronic Privacy Information Center (EPIC)
Washington, DC.


ICANN Opens Comment Period on PIR's Proposed Implementation of DNSSEC

Proposed PIR Amendment, (3.1c(i) of the .ORG Registry Agreement)


EPIC Alert, “.ORG to Pursue DNS Security Standard,” (May 15, 2008)
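
An added example, not part of EPIC's comment or PIR's proposal, for the NSEC3 denial of existence discussed in section 3: under RFC 5155 a negative answer names an interval of salted, iterated SHA-1 hashes of owner names rather than the neighbouring domain names themselves. The zone contents, salt and iteration count below are constructed, and the check is narrowed to finding the record that covers a non-existent name.

```python
import base64
import hashlib

# Map the standard base32 alphabet to base32hex (RFC 4648), lowercase as in zone files.
_B32_TO_HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                              b"0123456789abcdefghijklmnopqrstuv")

def wire_name(name):
    """Canonical (lowercase) DNS wire format: length-prefixed labels, root terminator."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 section 5: SHA-1 over name||salt, then `iterations` further rounds."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_HEX).decode("ascii")

def build_chain(names, salt_hex, iterations):
    """Sorted (owner_hash, next_hash) pairs; the last record wraps to the first."""
    hashes = sorted(nsec3_hash(n, salt_hex, iterations) for n in names)
    return [(h, hashes[(i + 1) % len(hashes)]) for i, h in enumerate(hashes)]

def covering_record(chain, qname, salt_hex, iterations):
    """Return the NSEC3 pair proving qname absent, or None if its hash is an owner."""
    q = nsec3_hash(qname, salt_hex, iterations)
    for owner, nxt in chain:
        if owner == q:
            return None  # the name exists, so there is nothing to deny
        # Normal interval, or the wrap-around interval at the end of the chain.
        if owner < q < nxt or (nxt <= owner and (q > owner or q < nxt)):
            return (owner, nxt)
    return None

# Constructed sample zone and NSEC3 parameters (not taken from any real deployment).
ZONE = ["example.org", "www.example.org", "mail.example.org"]
SALT, ITERATIONS = "aabbccdd", 12
CHAIN = build_chain(ZONE, SALT, ITERATIONS)

if __name__ == "__main__":
    print("chain:", CHAIN)
    print("denial for nosuch.example.org:",
          covering_record(CHAIN, "nosuch.example.org", SALT, ITERATIONS))
```

The denial returned for `nosuch.example.org` contains only two hash values from the chain, which is what a validator checks the queried name's hash against.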

