
"If you think you understand quantum mechanics, you don't understand quantum mechanics"

A workshop on DNSSEC and security was held during ICANN 73.

The workshop was opened by ISOC Senior Content Strategist Dan York. He gave an overview of the use of DNSSEC, DANE and RPKI technologies worldwide and presented statistics on DNSSEC use among ccTLDs.

Next came a discussion with the rather futuristic title "DNSSEC and Quantum Cryptography". The problem is that the cryptographic algorithms used in DNSSEC today could be broken in the future by sufficiently powerful quantum computers.

Robin Wilton, an ISOC representative, was the first speaker. He covered the general idea of quantum computing, the physical principles underlying it, and the basics of quantum cryptanalysis and post-quantum cryptography. As the speaker himself explained, the need for such an “introduction to the theme” is best explained by a quote from Nobel laureate Richard Feynman: “If you think you understand quantum mechanics, you don’t understand quantum mechanics.”

ICANN representative Paul Hoffman spoke about a document developed by the Corporation's technical division that addresses the problem of quantum computing as it relates to the DNS.

He expressed doubt that the potential breaking of the cryptographic algorithms used in DNSSEC will become a relevant problem in the next ten (or even more than a dozen) years. In conclusion, he shared the idea that if a sufficiently stable quantum computer is created, DNSSEC will not be the first target for attack.

The discussion also included reports on the results of testing the FALCON-512 post-quantum cryptography algorithm and on the possibility of using hash-based cryptography to create DNSSEC signatures.

At the end of the debate, participants discussed the possibility of replacing the root zone cryptographic algorithm with one of the post-quantum cryptography algorithms. They agreed that such a replacement, and the subsequent key rotation, will require a huge effort from all parties involved and a clearly defined procedure.

The second part of the seminar, devoted to various aspects of DNSSEC automation, was moderated by Steve Crocker, one of the founders of the Internet. He spoke about the work already done in this direction and what remains to be done.

Brian Dixon, a representative of GoDaddy, one of the largest domain name registrars, presented a new method for updating DS records that the registrar offers.

The rest of the presentations in this part of the seminar were devoted to the implementation of DNSSEC data synchronization, the development of a standard for the DNSSEC Bootstrapping automation method, DS automation mechanisms, the formulation of recommendations, and so on.

The participants of the third and final part of the workshop shared the results of a study of top-level domain authoritative servers, discussed a vulnerability that makes it possible to send email with forged data using the open mail forwarding functionality of popular mail services, and shared their views on key metrics for measuring the effectiveness of DNSSEC technology.
