Want CNET to notify you of price drops and the latest stories?

Crypto donated for domain system

RSA Data Security will donate encryption software to a nonprofit group that creates software for the Internet's Domain Names System.

2 min read
In an effort to reduce unwanted email and Internet fraud, RSA Data Security will donate encryption software to a nonprofit Internet group that creates software to route email and Internet traffic to their proper locations.

By boosting security for the DNS (Domain Names System), RSA and the Internet Software Consortium (ISC) say they can cut down on address spoofing, a common procedure used by malicious hackers, as well as cut down on spam.

The gift takes the form of a free license for RSA's DNSsafe software, a security engine designed to prevent address spoofing on the Internet. DNSsafe implements a proposed Internet Engineering Task Force standard called DNSsec.

"What we're announcing today will go a long way to make it more difficult for people to spoof," said Jim Bidzos, president of RSA, now a subsidiary of Security Dynamics (SDTI).

The move is designed to make users more confident about who they are communicating with over the Internet by making it hard to forge domain name data.

The DNSsafe software allows developers to add RSA digital signatures to their software that implements the Domain Name System, a networking protocol that acts like directory assistance on the Internet by translating host names into IP (Internet protocol) addresses.

"We will see a more secure Internet in 1998," said Carl Malamud, chairman of Internet Software Consortium, which is affiliated with the Internet Multicasting Service.

"This is a major change in a fundamental piece of code that is part of the Internet's installed base, analogous to moving from Windows 3.1 to Windows 95," he added. "This means DNS software can be embedded in routers, firewalls, and all the devices on the Internet."

Indeed, RSA hopes giving DNSsafe to the nonprofit group will increase the market for the product. "This will probably create many, many more licensing opportunities for us," said Bidzos. "We feel there are sound business reasons for doing this."

ISC is a little-known industry group that provides and maintains a version of DNS software called BIND, the Berkeley Internet Name Daemon. It also implements and maintains publicly available code for several other Internet protocols. Its $700,000 1997 budget is funded in part by major donors Network Solutions, which runs the InterNIC naming system for Internet addresses, and Usenix.

RSA and ISC suggest the Domain Name System could become part of the Internet's infrastructure for publishing cryptographic keys, which are used to encrypt and decrypt sensitive data. Other protocols that use authentication also could use the DNS security infrastructure, or software to set up a secure connection could retrieve a Web server's public key from the DNS system.

Although DNSsec uses encryption, RSA and ISC expect it will be available worldwide because it offers authentication of user identities and does not scramble data to make it private.

The DNSsafe software is expected to be available free by year's end, although Malamud said the target date is a December 7 meeting of the Internet Engineering Task Force.