Implementation of existing standards would make the internet much more secure

"Software suppliers and service providers should be addressed individually"

We have to make the electronic world more secure, according to Vint Cerf, one of the pioneers of the internet. Cerf reckons that the biggest problem of all is spoofing, where users are directed to falsified addresses and systems, and users take on fake identities. That's why the electronic identification and authentication (validation) of online computer systems and users is such a hot topic.

Cerf highlights SSL certificates (TLS), DNSSEC, two-factor authentication (2FA), and HTTP Strict Transport Security (HSTS) as vital security technologies for tackling spoofing.

Adoption increasing, but slowly

We have been promoting use of the internet security standards mentioned by Cerf -- and others such as DANE and DKIM/SPF/DMARC for e-mail -- for some time. For example, we have an incentive scheme for registrars [DANE], we publish technical information [DNSSEC, IPv6], we hold knowledge sessions [IPv6, DANE] and we run public information campaigns. The Platform for Internet Standards (internet.nl) also works to promote modern internet (security) standards [mail], but its focus is specifically on Dutch government bodies. Our surveys of IPv6 and DNSSEC use and reports published by the Forum for Standardisation show that adoption of the relevant standards is definitely increasing, but that progress is frustratingly slow. What's more, the Netherlands lags behind other comparable countries when it comes to use of IPv6 and DNSSEC validation. The strong growth of DNSSEC validation in Belgium this year underlines the importance of support from the main market players.

APNIC-DNSSECvalidationBE-20191101

Plenty of scope for improvement

Better internet security and stability doesn't therefore depend on the development of new standards. A great deal could be achieved simply by implementing the standards we've already got -- some of which have been around for a long time. That's clear from the report on a recent APNIC deployathon for RPKI, DNSSEC, DMARC and TLS. It's also vital that suppliers upgrade their tools and services, as previously pointed out by Bart Knubben of the Forum for Standardisation: "It's important that software suppliers and service providers make the standards easy to implement, or -- even better -- make support for the standards the default position." He believes that both government organisations and their major service providers should be individually urged to take action.

Comments

  • Monday 1 October 2018

    SIDN Labs

    KSK Key Roll Last Call

    Thumb-warning

    Root zone's DNSSEC KSK rollover is going ahead!

    Read more
  • Monday 15 April 2019

    Internet security

    Boost your security awareness!

    iStock-876819100-laptop-inloggen-met-mobiel-thumbnail

    Check the practical tips to make you and your staff more aware of on-line security issues

    Read more
  • Thursday 11 October 2018

    .nl domain name

    Pancake restaurant's website gets forty thousand visitors after Lubach prank

    Thumb_ZondagmetLubach_Arjen-Lubach_C_-Merlijn-Doomernik

    It pays to take a critical look at your domain name portfolio

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.