Securing the Internet with DNSSec

Some 10 percent of servers in the network today are vulnerable to domain name system (DNS) attacks, and many experts expect a serious attack on the underlying infrastructure within the next decade. The DNS Security Extensions (DNSSec) Deployment Coordination Initiative is part of a global effort to deploy new security measures that will help the DNS perform as people expect it to – in a trustworthy manner.

At the recent ATA e-business forum, this process was at the heart of a unique encounter between two communities engaged in digital security, but from very different perspectives.

They included experts from an aviation industry that is gradually moving from private networks to the Internet for its communications – and that needs to ensure that how it uses the Internet does not impact negatively on the safety and reliability of air transport. Also members of a technical community that has been active since the first days of the Internet and works in great depth to address security threats the system is facing.

The two communities met in a workshop called to explore what the Internet's engineering community is doing to secure the DNS, to learn how and why  the US government is supporting deployment of a new security technology in DNS, and to discuss how Internet security meets aerospace needs.

They endeavoured to find answers to a broad range of questions. For example:

• what level of deployment makes sense for the industry?

• how does implementation fit with digital security standards?

• could we use DNSSec to distribute public keys? When would that be appropriate?

• could we use DNSSec to secure Internet messaging?

• how and to what extent can this technology help create cost effective security  solutions in the air transport community?

The speakers at the event, which was moderated by .aero,  included:


Steve Crocker from Shinkuro – an internet veteran, leader of the DNSSec deployment initiative and also chair of ICANN's Security and Stability committee.

Julien Holstein from Airbus SAS – who, together with Jacqueline Knoll from Boeing, co-chairs the ATA's Digital Security working group.

Gary Cooper – a solutions architect from ARINC.  ARINC, like SITA, is actively involved in the digital security working group and in the .aero initiative.

Cathy Handley from the Office of International Affairs, National Telecommunications and Information Administration, US Department of Commerce – reflecting her own particular involvement with DNSSec deployment.


DNSSec group deploys newsletter

The DNSSec deployment group now offers a simple way to monitor progress in this important initiative through a new monthly newsletter that will offer updates on new policies, early adopters and advances in DNS security extension development. You can download copies from their website at:


or: subscribe directly by e-mail to


or: download the PDF version.