The Futility of DNSSec
نویسندگان
چکیده
The lack of data authentication and integrity guarantees in the Domain Name System (DNS) facilitates a wide variety of malicious activity on the Internet today. DNSSec, a set of cryptographic extensions to DNS, has been proposed to address these threats. While DNSSec does provide certain security guarantees, here we argue that it does not provide what users really need, namely end-to-end authentication and integrity. Even worse, DNSSec makes DNS much less efficient and harder to administer, thus significantly compromising DNS’s availability—arguably its most important characteristic. In this paper we explain the structure of DNS, examine the threats against it, present the details of DNSSec, and analyze the benefits of DNSSec relative to its costs. This cost-benefit analysis clearly shows that DNSSec deployment is a futile effort, one that provides little long-term benefit yet has distinct, perhaps very significant costs.
منابع مشابه
Dimensions of Futility at the End of Life: Nurses’ Experiences in Intensive Care Units
Background and aims: The concept and meaning of futile care depends on the existing culture, values,religion, beliefs, medical achievements, and emotional status of a country. In Iran, futile care hasbecome a challenge for nurses working in intensive care units (ICUs). Considering the differencesobserved in defining futile care based on the patients’ conditions and the nurses’...
متن کاملPrevalence of DNSSEC for hospital websites in Illinois
The domain name system translates human friendly web addresses to a computer readable internet protocol address. This basic infrastructure is insecure and can be manipulated. Deployment of technology to secure the DNS system has been slow, reaching about 20% of all web sites based in the USA. Little is known about the efforts hospitals and health systems make to secure the domain name system fo...
متن کاملFutility in Complementary and Alternative Medicine: A Critical Review from an Ethical Perspective
Several definitions for medical futility has been proposed in the literature. Medical futility is defined as the condition in which an intervention, either for diagnosis, prevention, treatment, rehabilitation or other medical goals, has no benefit for the individual patient. This critical review aimed to increase the understanding of physicians and other healthcare providers on the issue of fut...
متن کاملNew Protocol E-DNSSEC to Enhance DNSSEC Security
The Domain Name System (DNS) is an essential component of the internet infrastructure. Due to its importance, securing DNS becomes a necessity for current and future networks. DNSSEC, the extended version of DNS has been developed in order to provide security services. Unfortunately, DNSSEC doesn’t offer query privacy; we can see all queries sent to resolver in clear. In this paper, we evaluate...
متن کاملTowards Adoption of DNSSEC: Availability and Security Challenges
DNSSEC deployment is long overdue; however, it seems to be finally taking off. Recent cache poisoning attacks motivate protecting DNS, with strong cryptography, rather than with challenge-response ‘defenses’. Our goal is to motivate and help correct DNSSEC deployment. We discuss the state of DNSSEC deployment, obstacles to adoption and potential ways to increase adoption. We then present a comp...
متن کامل