A technology almost two decades in the making finally rolled out into active use today. DNSSEC, or Domain Name System Security Extensions is a security protocol by which an IP address (the series of numbers that is a website’s actual location) and the URL, or the words in the web address, are justified.
13 name registrars handling the .org top-level domain, including the largest, Go Daddy, are offering DNSSEC, according to PCWorld. That alone is reason to believe all registrars will do the same in short order. VeriSign plans to add it to .net by the end of the year.
The importance of this is in cementing the relationship between an IP and a URL. Doing so with DNSSEC makes it infinitely more difficult for a hacker to hijack traffic and send it to a fake site. DNSSEC uses digital signatures and public-key encryption to prove a valid relationship between the two elements of the address.
The master root key for the encryption was generated last week at a meeting hosted by ICANN, according to Network World.
When the IP/URL system was first being rolled out, it was done with the idea of scalability and speed. There’s a trade-off in every system and in this one it was security. Implementation of NDSSEC should go a long ways toward plugging that hole.
Top photo by Mike Baird
Bottom photo by Rafael López Diez