Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Eventually, the system could be a foundation for browser-based blocking or warnings—and for verifying who sent e-mails or authored a document. “DNSSEC will confirm for us the name of the site that I’m dealing with, and that becomes a fact that browsers can take advantage of to help mitigate against certain kinds of phishing attacks,” says James Galvin, director of strategic relationships and technical standards at Afilias, an Internet infrastructure provider. “But that’s a place we have to get to, and we aren’t there.”

Richard Lamb, the architect for DNSSEC deployment at ICANN, the Internet Corporate for Assigned Names and Numbers, says that in the long run, DNSSEC could enhance Internet security enormously. “How (warnings) will get displayed to end users is still in discussion, but in the long term, the end user will be that much more secure—because they won’t be able to get to a site that’s not been validated,” he said. In later iterations of the system, he says, “when you get e-mail from a random person, you could verify not just the address but the actual person, through a cryptographic handshake.”

In the view of some experts, though, Congress will undermine DNSSEC if it passes a bill now under consideration. Under the proposed legislation (pdf), if an Internet service provider receives a court order to block websites peddling stolen media or counterfeit pharmaceuticals, it will be required to redirect a Web user attempting to visit such a site to a takedown notice.

Such redirection is what DNS hackers try to do, and what DNSSEC aims to prevent. “If we end up with legislation on that point, it will be impossible to do end-to-end DNSSEC because it will be illegal in some cases,” says Vixie, who is a co-signer of a report (pdf) blasting the bill.

Even if DNSSEC is fully implemented, it’s no panacea. However, Galvin says, “everything we do on the Internet depends on the DNS, so DNSSEC becomes the foundation for a safer and more secure Internet.”

Meanwhile, users will just have to remember to stop and think before they click.  “Technology can take you pretty far, and the technology will improve, and DNSSEC can help,” says Galvin. “But as a practical matter, users do have to take ownership of what happens to them. The best we can hope to achieve is to reduce” their risk.

0 comments about this story. Start the discussion »

Tagged: Computing

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me