Patrick Thibodeau reported in NetworkWorld on Vinton Cerf's speech at a TechAmerica conference Wednesday (see The Internet is Incomplete).
Vint is one of the designers of the Internet, the former head of ICANN (the governing body of the DNS), and is currently Chief Internet Evangelist for Google. He is not only technically smart but also people savvy, as he guided ICANN from inception through choppy world-wide political waters.
When he talks we should listen. The article states:
One of the most critical needs is authentication, Cerf said, and he told the crowd at a TechAmerica gathering Wednesday that anyone who performs transactions over the Internet - which is everyone - should "be deeply concerned about that technology."
The lack of authentication is pervasive and is even a problem in simple cases, such as authenticating entries in the domain name system, he said.
"Authentication isn't available on an end-to-end basis at all layers of the architecture," Cerf said. While users are good "at building concrete tunnels" using simple SSL (Secure Sockets Layer) techniques, they don't identify the end points and just secure the channel, he said. You can have an e-mail with an attached virus, thoroughly encrypted, and send it through an encrypted tunnel, and once it gets to the other end "it gets decrypted and then, of course, does its damage," he said.
Mobile is another problem. "We do a terrible job serving up mobile," Cerf said, referring to the ever broadening use of the Internet via mobile devices. He said protocol work is needed to address it.
What we are talking about here is the need for DNSSEC, which is the only feasible, near-term and cost-effective authentication for the Internet. It is worth noting that, as Dan Kaminsky has pointed out, SSL and VPN do not protect you without DNSSEC.
The business and e-commerce community needs to adopt DNSSEC as soon as possible.