Dan Kaminsky Releases Phreebird for Easy DNSSEC
Today marks another key step in DNSSEC deployment. Congrats to Dan Kaminsky, chief scientist at Doxpara and one of our partners on the Practice Safe DNS campaign, on the release of his new code Phreebird.
Announced today at Black Hat Abu Dhabi, Phreebird Suite 1.0 is a free, easy-to-use toolkit that lets organizations “test-drive” DNSSEC deployment. According to Kaminsky, “Put simply, X.509 based PKI fails due to a series of problems DNSSEC simply does not have. If we can find a way to use DNSSEC to address the problem of bootstrapping trust [otherwise known as authentication] across organizational boundaries, we can start fulfilling promises made before the turn of the century.” In other words, the toolkit will enable organizations, business, vendors, and individual users to authenticate one another by automatically generating keys and providing real-time signing in roughly 30 seconds. As Kaminsky says, “When my mom receives an email from the bank, she should know it’s from the bank.”
As the first gTLD to go into full production with DNSSEC, we at .ORG have been anticipating this news since Kaminsky first demoed Phreebird at Black Hat in July. It took all of two minutes to sign a .ORG site end-to-end, dispelling the notion that DNSSEC deployment is a complex and costly process. Just two minutes. Thanks to the countless folks who have been working tirelessly on DNSSEC for many years and bringing us to the point where DNSSEC is today. Imagine the possibilities if all .ORG users – and .GOV, .NET. and .EDU users for that matter -- took just 120 seconds from their day and installed the Phreebird toolkit. Then DNSSEC could rightly claim its place as the new widespread standard for Internet security.