14 DAY TRIAL // A group of renowed experts have released a technical paper warning members of the US Senate that DNS-related provisions of a new anti-piracy bill endangers DNSSEC deployment and the security of the Internet infrastructure.
The controversial PROTECT (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act) IP Act proposes some very aggressive anti-piracy measures, some of which rely on DNS servers to blacklist domains that participate in copyright infringement.
The group of DNS experts, which includes Dan Kaminsky, the researcher who discovered a critical DNS flaw that pushed forward the adoption of DNSSEC, Steve Crocker, vice chair of the board of ICANN, Damballa co-founder David Dagon, VeriSign chief security officer Danny McPherson, and Paul Vixie, chairman, chief scientist and founder of Internet Systems Consortium, claim the PROTECT IP provisions are contrary to the US government's commitment to Internet security.
Domain Name System Security Extensions (DNSSEC) are a suite of specifications meant to secure DNS, one of the critical components of the Internet infrastructure.
With DNSSEC, the requests between DNS resolvers and authoritative servers are signed, which ensures the integrity and authenticity of responses. This prevents DNS cache poisoning and other attacks.
"DNS filters would be evaded easily, and would likely prove ineffective at reducing online infringement. Further, widespread circumvention would threaten the security and stability of the global DNS," the experts write in their paper. [pdf]
"The DNS provisions would undermine the universality of domain names, which has been one of the key enablers of the innovation, economic growth, and improvements in communications and information access unleashed by the global Internet," they add.
Furthermore, the PROTECT IP provisions encourage migration away from ISP-provided DNS servers. This is a problem because many ISPs use DNS data to detect security threats on their networks and improve performance.
The group of experts feel that the goals of the bill can be reached through other means, like international cooperation on prosecutions, without endangering DNS security and stability.