Wednesday, March 1, 2017

Control of DNS versus the Security of DNS

"We're getting beat up by kids, captain!"


So instead of futile and counterproductive efforts trying to regulate all vulnerabilities out of the IoT market, we need to understand that our policies for national cybersecurity may have to let go of certain control points we have, in order to build a resilient internet.

In particular, central points of failure like DNS are massive weak points for attacks run by 19-year-olds in charge of botnets.

But why is DNS still so centralized when decentralized versions like Convergence have been built? The answer is: Control.

Having DNS centralized means big businesses and governments can fight over trademarked DNS names; it means PirateBay.com can be seized by the FBI. It is a huge boon for monitoring of global internet activity.

None of the replacements offer these "features". So we as a government have to decide: Do we want a controllable naming system on the internet, or a system resistant to attack from 19-year-olds? It's hard to admit it, but DNSSEC solved the wrong problem.