Handicapping New DNS Extensions and Applications
Subject:   DNSSEC: insecure and illegal to use
Date:   2007-01-16 06:03:20
From:   dwheeler
The fundamental problem with DNSSEC is that its original design is insecure - so much so that in many countries it's illegal to use DNSSEC. DNSSEC's original design only worried about authentication of integrity. That's fine, but its design required that ALL DNS data had to be public (i.e., it forbade data confidentiality). This was an explicit bad decision years ago by the DNSSEC developers. The problem was, the people who deploy DNS have generally agreed that you should NEVER expose all DNS data to the world - indeed, they view confidentiality as really important, MORE important than authentication. Check out any book on DNS, and you'll read all about how to deploy DNS while ensuring that most data doesn't reach the outside. DNSSEC breaks that. The DNSSEC developers ignored this issue, claiming that it didn't matter, until the Europeans explained to them that it would be ILLEGAL to deploy current DNSSEC due to European privacy laws. Non-European governments and most large companies also decided that they didn't want to hand that information to attackers. DNS security is still really needed, but no one should be surprised that a fundamentally flawed protocol isn't implemented widely. The lack of tools is simply an outgrowth, not a cause -- nobody wants to deploy DNSSEC as it is, so there's no reason to build nicer tools for it. There's hope; the fundamental flaw in DNSSEC (enumeration) is correctable, and improvements like NSEC3 may finally make DNSSEC actually useful. I think there's a reasonable chance that DNSSEC will be widely deployed, once its fatal flaws are corrected. See for more information.
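An added illustration of the enumeration point made in the comment above (example code, not part of the comment or the article): with plain NSEC, each record's "next owner" field names the following name in the zone in clear text, so the chain of denial-of-existence records is itself a listing of the zone, whereas NSEC3 (RFC 5155) replaces owner names with salted, iterated SHA-1 hashes. The sample names, the salt `aabbccdd` and the 12 iterations are the RFC 5155 Appendix A test parameters; the canonical-order sort is simplified to what these sample names need.

```python
import base64
import hashlib

# RFC 4648 base32 alphabet -> "extended hex" alphabet used by NSEC3 (RFC 4648 s7)
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")

def canonical_wire_name(name: str) -> bytes:
    """Owner name in canonical wire format (RFC 4034 s6.2): lowercase,
    length-prefixed labels, terminated by the empty root label."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    out = b""
    for label in labels:
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("DNS label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """NSEC3 hash per RFC 5155 s5: SHA-1(name || salt), then re-hashed
    `iterations` more times with the salt appended each round."""
    salt = b"" if salt_hex == "-" else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(canonical_wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # 20 digest bytes encode to exactly 32 base32hex characters, no padding
    return base64.b32encode(digest).decode("ascii").translate(_B32_TO_B32HEX).lower()

def _canonical_order_key(name: str):
    # Simplified RFC 4034 s6.1 ordering: compare labels right to left.
    return [lab.lower() for lab in reversed(name.rstrip(".").split("."))]

def nsec_chain(names):
    """Plain NSEC: (owner, next owner) pairs. The next-owner field is the
    real next name in the zone, so following the chain enumerates the zone."""
    order = sorted(names, key=_canonical_order_key)
    return [(n, order[(i + 1) % len(order)]) for i, n in enumerate(order)]

def nsec3_chain(names, salt_hex: str, iterations: int):
    """NSEC3: the same chain, but owner and next-owner are hashes sorted by
    hash value, so the records no longer carry the names themselves."""
    hashes = sorted(nsec3_hash(n, salt_hex, iterations) for n in names)
    return [(h, hashes[(i + 1) % len(hashes)]) for i, h in enumerate(hashes)]

if __name__ == "__main__":
    zone = ["example", "a.example", "ai.example", "ns1.example"]  # RFC 5155 App. A names
    print("NSEC :", nsec_chain(zone))
    print("NSEC3:", nsec3_chain(zone, "aabbccdd", 12))
```

The hashes are still public data, so NSEC3 raises the cost of enumeration rather than eliminating it (RFC 5155 discusses this under dictionary attacks); the salt and iteration count are the tuning knobs.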