DNSSEC is simple to implement and ready to go (see Secure64 DNS Signer). It provides an internet-wide authenticated database that can be used by many applications beyond validating web sites. It can also be a repository for other public data, such as email certificates.
Lack of authentication is one of the basic security weaknesses of the web. Many people are trying to address it in their own special, complex way (see Network World).
Consider, if you will, an authenticated web: one where you can be sure of reaching your intended web site, one where you can be sure that email came from the person in the "From" column, and one where you can send and receive private email (by private I mean encrypted so that no one can spy on your email).
Now let's look at how it can improve health care efficiency. With an authenticated web your medical tests could be sent to you in an encrypted email. You could exchange private emails with your doctor. Your doctor could be emailed those same results. Even your medical chart could be available to your doctor in real time on her PDA.
There are solutions that do this today, but at what cost and complexity to build and to maintain? At what complexity for the user? Email certificates are common in the corporate world, but they are cumbersome, and you can't send an encrypted email without a certificate exchange. They don't meet the grandmother test for ease of use.
In the absence of authentication through the DNS database, identity management solutions are expensive and complex to buy or build and to maintain.
With DNSSEC providing an internet-wide authenticated database, this is all possible with very little cost and complexity for the user. It just works.