.SE Press release
2009-06-05

The root zone will be signed with DNSSEC by the end of 2009. The American announcement of a DNSSEC collaboration to enhance the stability and security at the lowest point of the domain name system will have a great effect on the DNSSEC spread. It also acknowledges the pioneering work of .SE and others in Sweden.

The American Department of Commerce collaborates with NIST (NationaI Institute of Standars and Technology), ICANN (the Internet Corporation for Assigned Names and Numbers) and Verisign to sign the so-called root zone by the end of 2009.

Discussions on signing the root zone with DNSSEC, i.e. the lowest point of the domain name system, have been going on for several years, and was intensified last summer when Dan Kaminsky discovered a vulnerability in the domain name system. The American authorities have announced that the root zone will be signed with DNSSEC by year´s end.

“We’ve been working towards a signed root for more than three years. In fact, ICANN has operated a root zone signing test bed for more than two years. So ICANN is aware of the urgency around signing the root to enhance stability and security” says Paul Twomey, President and CEO of ICANN in a press release

“This is great news, mainly because the using of DNSSEC will be spread easier in the world. Resolver operators can rely on the root zone instead of every single signed domain. That enhances the safety of all users. Therefore, we are very happy about this announcement” says Patrik Wallström, project manager of DNSSEC at .SE.

“What still needs to be done is to get all single domain name holders and nameserver operators to sign their domains. That takes more automatized tools, which is something .SE is working with within the OpenDNSSEC project” Patrik Wallström adds.

.SE-DNSSEC is targeted at anyone who is running much visited websites where there could be an interest for attackers to redirect traffic to their own website. DNSSEC is a technique to cryptographically sign name lookups on the Internet. In practice, this means that Internet users can trust that the address written in their web browser really goes to the website they want to visit.

There are several Swedish municipalities and authorities that have chooses to protect their domains with DNSSEC, among them Post- och telestyrelsen (www.pts.se) Valmyndigheten (www.valmyndigheten.se), Skatteverket (www.skatteverket.se) och Regeringskansliet (www.regeringen.se).

For several years, .SE has been ahead of the curve when it comes to DNSSEC, amongst other technologies. .SE signed its own zone in September 2005. Two years later, .SE introduced a fully implemented DNSSEC service. The interest for this service has been great, both in Sweden and elsewhere. Moreover, .SE have supported ICANN in their implementation of a root signing test bed and also arranged several trainings in DNSSEC for other top-level domains.

To read the ICANN and NIST press releases, please go to the following URLs:
http://www.icann.org/en/announcements/announcement-2-03jun09-en.htm

http://www.nist.gov/public_affairs/releases/dnssec_060309.html

For more information, contact:
Maria Ekelund, PR and information manager at .SE
Phone: +46-8-452 35 27, Mobile ph: +46-732-745 902
E-mail: maria.ekelund@iis.se

About .SE
.SE  (The Internet Infrastructure Foundation) is an independent utility that acts to promote positive development of the Internet in Sweden. .SE is responsible for the Internet´s Swedish top-level domain, .se, encompassing domain name registration and administration, as well as the technical operation of the national domain name register. Profits from domain name registrations are used to support projects that contribute to Internet development in Sweden. For more information, see www.iis.se