It has taken more than ten years to develop, but the Internet is now about to become safer. NIC-SE will be the first top level domain to start using the dnssec protocol. Among other things, the Internet banks will become more secure.
The Internet of today is based on a number of technologies, one of the most important being the Domain Name System (DNS), whose primary function is to link domain names with IP addresses.
Like many technologies in use since the 1980s, dns does not have any built-in security. For more than ten years, IETF (Internet Engineering Task Force) has been developing and perfecting the remedy - dnssec, or dns security extensions. Last week, NIC-SE became the first top level domain to start using the new protocol. The aim is to achieve a more secure Internet.
Dnssec works by securing name look-ups - in other words, which IP address is linked to which domain name - using digital signatures.
"When Mr. Svensson wants to pay his bills on the Internet, he must be able to be completely certain that the SEB bank's website really is just that," says Jakob Schlyter, the NIC-SE consultant with technical responsibility for the project, who is also involved in developing the technology.
When looking up a domain name, the user can, by checking the signature, determine whether the response originates from the correct source and that it has not been altered by a hacker along the way.
Several steps
The first phase of NIC-SE's rollout of dnssec involves a test operation, which will run until mid-October. The next step will be to make dnssec accessible to a number of test users. This will happen in conjunction with the "Internet Days" conference in October. The test period will be followed by a proper service early next year.
That NIC-SE is the first top level domain to start using dnssec is certainly a feather in the cap for the organization. But it also increases the pressure and the eyes of the world will be turned on Sweden.
"It is extremely important that we succeed. Everything has gone well so far," says Anne-Marie Eklund Löwinder, Information Security Manager at NIC-SE.
"The fact that Sweden will be first to start using dnssec is partly due to the ideal size of the .se domain and partly to our advanced technical expertise," says Anne-Marie Eklund Löwinder.
Several setbacks
Development of the technology was by no means an easy ride and it suffered several setbacks along the way. In 2001, the developers were forced to start over with key processing. And as late as one and a half years ago, Jakob Schlyter discovered a problem when different versions of dnssec were used together.
Today, these problems have been resolved:
"After long tests during the past eighteen months, we know that it works," says Jakob Schlyter.
At the same time, he calls for caution. Firewalls are a worrying factor. For example, Cisco has known about a bug in its firewalls for two years and has done nothing about it. In Jakob Schlyter's opinion, the users must put more pressure on suppliers.
A Swede who has followed the technology's development for a long time is Internet expert Patrik Fältström. He is relieved that dnssec is finally put into use.
"It feels great," says Patrik Fältström
Läs artikeln på svenska
