Internet Engineers Collaborate On Open Source Project To Secure the Domain Name System

OpenDNSSEC lowers the threshold for ISPs, Hosting companies and Name Server
Operators to deploy secure DNS.
LONDON--(Business Wire)--
The OpenDNSSEC project announces the development of Open Source software that
manages the security of domain names on the Internet. The project intends to
drive adoption of Domain Name System Security Extensions (DNSSEC) to further
enhance Internet security. 

Industry leaders including .SE (The Internet Infrastructure Foundation),
NLNetLabs, Nominet, Kirei, SURFnet, SIDN and John Dickinson have come together
to create open source software that promises to make it easier to deploy DNSSEC.
The group's primary aim is to further protect the Internet by increasing the
security for end-users. 

Removing the manual aspect of deploying DNSSEC using the open source software is
set to make it easier for Internet service providers, web hosting companies and
name service operators to deploy DNSSEC, which will significantly increase the
number of DNSSEC users. 

Specialists can download a preview of the OpenDNSSEC technology in order to gain
experience with the OpenDNSSEC software, and give feedback to the project. It is
available from http://www.OpenDNSSEC.org

OpenDNSSEC features:

* No manual management is needed for signing a zone or managing the
cryptographic keys. The software manages the entire process from unsigned to
signed zones. 
* OpenDNSSEC is supplied with a licence that gives a green light to suppliers of
commercial products who want to utilise the open source code and include it in
their own software, without having to open up their own code. 
* The software works with all different versions of the Unix operating systems
and is suitable for both those who need to sign a few very large zones (for
example TLDs) and for those responsible for a large number of smaller zones.

Lesley Cowley, CEO at Nominet comments: "Making the Internet a more trusted
place for all is one of Nominet's main objectives. This is a key initiative for
us and we actively support and encourage the development of any software that
will create an environment safe for Internet users. We enjoyed working with
other registries who share our vision to develop this tool and will continue
working with them." 

Patrik Wallström, responsible for DNSSEC at .SE comments: "In order to spread
the use of DNSSEC to an increased number of domain names, the management
surrounding this technology must be simplified. Together with a number of
collaborators, we're developing OpenDNSSEC. Leveraging our deployment
experience, we will produce a well-packaged, easy-to-use and flexible DNSSEC
tool that eliminates all manual procedures. Those in charge of name servers no
longer need detailed knowledge about the protocol in order to use it." 

Notes to Editors

About OpenDNSSEC

OpenDNSSEC is a tool which simplifies the process of signing one or more zones
with DNSSEC. OpenDNSSEC handles the entire process from an unsigned to a signed
zone automatically, including secure key management and timing issues. With
OpenDNSSEC, fewer manual operations are needed by the operator. 

OpenDNSSEC makes sure that all the steps in signing process are done in the
correct order and at the right time, making sure that nothing breaks. The issue
of handling the private keys associated with DNSSEC signing has been secured by
using so called HSM:s (Hardware Security Modules), so that the private keys can
not be leaked to an unauthorized third party, just keeping them secured in
hardware. 

It is an open source solution under a BSD license that gives a green light to
suppliers of commercial products who want to utilise the open source code and
include it in their own software, without having to open up their own code. 

OpenDNSSEC works in all Unix-like operating systems and is suitable for those
who will only sign a single large zone (e.g. TLDs) and as well as those who have
many small zones (e.g. web hotels, ISPs). 

About Nominet

Nominet operates at the heart of e-commerce in the UK, running one of the
world`s largest Internet registries and managing over seven million domain
names. Nominet maintains the register of .uk domain names and runs the DNS
infrastructure that keeps .uk working. 

It runs the technology that locates a computer in the Internet hosting the web
site or email system you`re looking for when you type in a web address or send
an email to an address that ends in .uk. 

Nominet is a not-for-profit company limited by guarantee that has members not
shareholders, pays no dividends and its charges only cover its running costs.
Anyone with an interest in the Internet may become a member. Nominet has over
2,800 members representing all areas of the Internet industry. 

Nominet also runs the Tier 1 registry for UK ENUM, a new UK registry service
that combines telephone numbers and the Domain Name System to simplify the way
telephone calls over the Internet work. ENUM lets callers know that you can
receive VoIP calls - it allows more VoIP calls to be connected directly over the
Internet, for no charge, rather than via the traditional PSTN network. 

About NLNetLabs

NLnet Labs is based in the Netherlands and was founded in 1999 by Stichting
NLnet. It is a non-profit public benefit research foundation aimed at providing
open source and open standards tools for internet communication. 

It focuses on developments in Internet technology. It provides a bridge between
theory and practical deployment that need to be built; and areas where
development, engineering, and standardisation takes place. Stichting NLnet has
provided a long-term commitment in the form of a subsidy contract such that
NLnet Labs can guarantee support for the software it develops. It is committed
to provide maintenance for Unbound. 

NLnet Labs key activities are to develop, implement, evaluate, and promote new
protocols and applications for the Internet. Its activities are focused on
topics directly relating to the Internet's infrastructure, such as DNS, DNSSEC,
IPv6, and routing. 

About .SE (The Internet Infrastructure Foundation)

.SE (The Internet Infrastructure Foundation) is an independent utility that acts
to promote positive development of the Internet in Sweden. .SE is responsible
for the Internet's Swedish top-level domain, .se, encompassing domain name
registration and administration, as well as the technical operation of the
national domain name register. Profits from domain name registrations are used
to support projects that contribute to Internet development in Sweden. For more
information, see www.iis.se

About Kirei

Kirei AB (www.kirei.se), founded in 2005 by Jakob Schlyter and Fredrik
Ljunggren, is a consultancy company with its main focus on information security
management and network architectures. The Kirei founders have been working with
DNS and DNS Security within the IETF community since 1999 and have played an
active role in the DNSSEC standardization process as well in the deployment of
DNSSEC in several top level domains. 

About SURFnet

SURFnet is responsible for the Dutch university network and has contributed
security and cryptographic assistance. More information is available at
www.surfnet.nl. 

About SIDN

SIDN is responsible for the functional stability and development of the .nl
Internet domain. As well as registering and allocating .nl domain names, the
organisation enables Internet users all over the world to make use of these
labels at any given moment. 

About John Dickinson

John Dickinson is a DNS consultant providing Internet research and software
development services. His focus is on making DNS security simple to deploy and
manage by helping to develop and improve Open Source software. He has many years
of experience in the provision of mission critical DNS services and Internet
technology research. 



Racepoint UK
Gemma Griffiths or Elissa Fry
Tel: 020 8752 3205 / 2272
Email:nominetuk@racepointgroup.co.uk

Copyright Business Wire 2009