Changes

==DNSSEC Difficulties==

==DNSSEC Difficulties==

It is critically important to secure the DNS for ensuring overall Internet protection, but when it comes to the deployment of DNSSEC the following difficulties are encountered:

It is critically important to secure the DNS for ensuring overall Internet protection, but when it comes to the deployment of DNSSEC the following difficulties may be encountered:

# Developing backward-compatible system and standards

# Developing backward-compatible system and standards

# Logistical problems as a result of the addition of encryption keys to all Internet lookups: requires solution for updating the encryption keys without damaging the name servers.  

# Logistical problems as a result of the addition of encryption keys to all Internet lookups, which requires solutions for updating the encryption keys without damaging the name servers.  

# International conflicts which arise from the implementation of DNSSEC, renewing the debates related to "control over the Internet".  

# International conflicts that arise from the implementation of DNSSEC, renewing the debates related to "control over the Internet".  

# Conflicts among implementers related to ownership issues of the root encryption keys

# Conflicts among implementers related to ownership issues of the root encryption keys

===NASA DNSSEC Error===

===NASA DNSSEC Error===

On January 18, 2012, the National Aeronautics and Space Administration (NASA) erroneously signed the DNSSEC protocol on its domain name nasa.gov, which caused [[Comcast]] to automatically block users from accessing the site. Many thought that blocking the NASA website was a Comcast strategy to express its protest against the [[SOPA]]/[[PIPA]] legislation because the DNSSEC signing error was coincidental with the Blackout Protest. According to Jason Livingood, vice president of Internet Systems Engineering for Comcast Cable Communications, the problem was caused by a domain signing error. The Comcast DNS resolver detected that the security signatures used by the administrator of the nasa.gov domain were invalid. He also said the several .gov domain names experienced the same problem.<ref>[http://www.darkreading.com/authentication/167901072/security/application-security/232500483/dnssec-error-caused-nasa-website-to-be-blocked.html DNSSEC Error Caused NASA Website To Be Blocked]</ref>  

On January 18, 2012, the U.S. National Aeronautics and Space Administration (NASA) erroneously signed the DNSSEC protocol on its domain name nasa.gov, which caused [[Comcast]] to automatically block users from accessing the site. Many thought that blocking the NASA website was a Comcast strategy to express its protest against the [[SOPA]]/[[PIPA]] legislation because the DNSSEC signing error coincided with the Blackout Protest. According to Jason Livingood, vice president of Internet Systems Engineering for Comcast Cable Communications, the problem was caused by a domain signing error. The Comcast DNS resolver detected that the security signatures used by the administrator of the nasa.gov domain were invalid. He also said the several .gov domain names experienced the same problem.<ref>[http://www.darkreading.com/authentication/167901072/security/application-security/232500483/dnssec-error-caused-nasa-website-to-be-blocked.html DNSSEC Error Caused NASA Website To Be Blocked]</ref>  

Comcast was one of the earliest [[ISP]] service providers in North America to fully integrate the new security protocol. The company completed its DNSSEC deployment on January 10, 2012. In a statement, Livingwood confirmed that the company's 17.8 million residential customers of Xfinity Internet Service are fully supported with DNSSEC-validating DNS servers.<ref>[http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html Comcast Completes DNSSEC Deployment]</ref>

Comcast was one of the earliest [[ISP]] service providers in North America to fully integrate the new security protocol. The company completed its DNSSEC deployment on January 10, 2012. In a statement, Mr. Livingwood confirmed that the company's 17.8 million residential customers of Xfinity Internet Service are fully supported with DNSSEC-validating DNS servers.<ref>[http://blog.comcast.com/2012/01/comcast-completes-dnssec-deployment.html Comcast Completes DNSSEC Deployment]</ref>

A detailed report of the NASA DNSSEC signing error is available [http://www.dnssec.comcast.net/DNSSEC_Validation_Failure_NASAGOV_20120118_FINAL.pdf '''here''']

A detailed report of the NASA DNSSEC signing error is available [http://www.dnssec.comcast.net/DNSSEC_Validation_Failure_NASAGOV_20120118_FINAL.pdf '''here'''].

==DNSSEC Deployment Statistics==

==DNSSEC Deployment Statistics==