Skip to main content

We've gone 24/7 live!!!!

On March 19, 2014 HaulingGear enabled 24/7 live comfish newsfeeds on our front page at ! Enjoy! Click image to view

DNSSEC's Time Is Here, But #SOPA Presents Challenges #SupplyChain #Freedom #Comcast

Image representing PayPal as depicted in Crunc...
Image via CrunchBase

By Ram Mohan on January 10, 2012

...... PayPal, which has over 100 million active e-commerce accounts worldwide, has also now fully embraced DNSSEC. In December 2011, the company said it has signed all zones in all of the top-level domains in which it has a presence. So is signed and, for example, so is This important step means that PayPal account holders using validating resolvers will be able to make payments with the confidence of knowing that the PayPal DNS has not been hijacked by criminals.

While the decision by Comcast and Paypal to throw their considerable influence behind DNSSEC is encouraging, the US is in many respects still lagging behind other countries. Security experts attending a recent ICANN meeting in Senegal heard that the Czech Republic is now the nation with the highest penetration of DNSSEC. About 145,000 .cz domain names had been signed in October, which represented about 17% of the total. Compare that to the .com domain most often used by US companies, which has more than 100 million total registered domains, but DNSSEC penetration is only in the low thousands. It's clear the USA has some catching up to do.

But adopters in the USA have a unique barrier to adoption: Congress. The proposed Stop Online Piracy Act (SOPA) and Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PROTECT IP Act or PIPA) contain provisions that, if enacted, would threaten to break the end-to-end functionality of DNSSEC. These pieces of legislation require ISPs to intercept and redirect DNS queries for websites that are believed to be involved in piracy. In the context of DNSSEC, this is like requiring ISPs to behave like attackers, deliberately hijacking otherwise legitimate DNS queries.

DNSSEC and the redirection provisions of SOPA and PIPA are incompatible. By mandating behavior that.....

Related .....