Implementation of existing standards would make the internet much more secure
"Software suppliers and service providers should be addressed individually"
We have to make the electronic world more secure, according to Vint Cerf, one of the pioneers of the internet. Cerf reckons that the biggest problem of all is spoofing, where users are directed to falsified addresses and systems, and users take on fake identities. That's why the electronic identification and authentication (validation) of online computer systems and users is such a hot topic.
Adoption increasing, but slowly
We have been promoting use of the internet security standards mentioned by Cerf -- and others such as DANE and DKIM/SPF/DMARC for e-mail -- for some time. For example, we have an incentive scheme for registrars [DANE], we publish technical information [DNSSEC, IPv6], we hold knowledge sessions [IPv6, DANE] and we run public information campaigns. The Platform for Internet Standards (internet.nl) also works to promote modern internet (security) standards [mail], but its focus is specifically on Dutch government bodies. Our surveys of IPv6 and DNSSEC use and reports published by the Forum for Standardisation show that adoption of the relevant standards is definitely increasing, but that progress is frustratingly slow. What's more, the Netherlands lags behind other comparable countries when it comes to use of IPv6 and DNSSEC validation. The strong growth of DNSSEC validation in Belgium this year underlines the importance of support from the main market players.
Plenty of scope for improvement
Better internet security and stability doesn't therefore depend on the development of new standards. A great deal could be achieved simply by implementing the standards we've already got -- some of which have been around for a long time. That's clear from the report on a recent APNIC deployathon for RPKI, DNSSEC, DMARC and TLS. It's also vital that suppliers upgrade their tools and services, as previously pointed out by Bart Knubben of the Forum for Standardisation: "It's important that software suppliers and service providers make the standards easy to implement, or -- even better -- make support for the standards the default position." He believes that both government organisations and their major service providers should be individually urged to take action.