A Sense of Identity

Note: I've decided to rewrite most of the last half with a new analogy that will make my argument as a whole more unified. The idea is the internet is like New York City. It's all based on communities, that are extremely diverse, Homeless people and Wall Street experts sharing the same city. Everything has a systematic address, so to find something, you call the Directory Service. That's what DNS is. Once you have the address, you go. It's a very flexible and fast system. DNS-SEC aims to have that directory service send you a personal escort to confirm the address and your destination. Yeah, that's secure, but it would jam up the city. It wouldn't be flexible, and no one would be able to get anywhere fast. If there is a concept that I fail to explain, let me know specifically which word, phrase or concept is unclear, so I know to spend more time on it. Thanks!


Societies have always centered around a valuable commodity. Ancient Egypt flourished because of the slave trade. The robber barons of the twentieth century struck proverbial gold when they invested in the industrial revolution. Entire governments have risen and fallen because of diamonds, gold, and oil; he who controlled the source, controlled the world. Ours, however, is undeniably a society that thrives on the Internet, where the farmer, the miner and the merchant are merely supplying the day to day necessities of life and nothing more. These days, the man who controls the world is the man who controls information. Silicon valley gave rise to the most powerful corporations of today, and some of the most complex legal disputes. So the question ought to be asked, what changed the Internet from an academic research project into a way of life? The answer is two-fold: ease of use, and availability. The "dot-com" moniker strongly implies this convenience and customization. Names like Google, Amazon and MySpace have become household names around the world - leading users to expect such convenience, customization and speed from every service.
The Domain Name Service, or DNS, although practically unheard-of by the lay-person, was perhaps the biggest factor in bringing the Internet into the home and the workplace. DNS enables a user to refer to a computer or network with a descriptive name. Instead of having to type a numerical network address, a person can now simply type "MySpace.com" and get to where they want to go. This easily memorized system gave the Internet a sense of identity - which makes DNS a double-edged sword: a means of indentity theft. DNS was designed in a more trusting time, when identity theft was practically unheard of. There were hardly any threats to network security, now was the Internet used for such confidential, commercial matters. Furthermore, DNS is just one link in a long chain of systems required to make the World Wide Web function correctly, making speed the key issue. As such, DNS has several shortcomings when it comes to security. An idea known as DNS-SEC has been proposed, that is nothing more than a set of extensions to the DNS system. It provides for "digital signatures", or fingerprints between different computers of the DNS system, making it harder to carry out these attacks.
As is the case with many issues, people who are not completely informed on the topic are pressuring the government to get involved and enforce this system. Unfortunately, the government is all to happy to oblige, and is quite eager to make their mark. A small amount of government involvement is certainly good. Someone, for instance, has to govern the DNS system and regulate the registration of domain names. The Government is even partly responsible for the mere existence of the Internet and the infrastructure that makes it possible. So the Government is not without claim to authority regarding the Internet, but in this case it would be best if they were not involved. The best things in the internet have always been community based, leading to powerful flexibility and extremely effective applications. Furthermore, DNS-SEC does have drawbacks, and altshough these drawbacks have been partially overcome over time, switching to this system on a large-scale will simply not solve enough problems to justify the side-effects. DNS-SEC is not the best solution in every situation. Implementing DNS-SEC would be somewhat like putting a Band-Aid on a gunshot wound. Yes, it is a step in the right direction, but there are more serious problems that need to be addressed before progress can be made. For these reasons and more, other solutions need to be considered.
The best definition that can be given for the Internet, is a group of computers from around the world that have been connected in a network to enable communication, cooperation, and sharing. It just so happens, that that is a text-book example of a community. It's no wonder, then, that the Internet has always been primarily community-driven. The biggest names on the web are communities themselves: eBay, Facebook, YouTube, Craigslist. Almost everything to do with the Internet at least _supports_ the idea of a community: email, instant messenger, search engines like Google. Because the Internet is so community-oriented, it is best if it is governed by a community. Even the technical specifications that govern the Internet are based on a community - even DNS-SEC itself! Instead of a single body like the U.S. government presenting and enforcing a standard, documents known as "Requests For Comments", or RFCs, are released on mailing lists and web sites. They are drafted by experts and recognized authorities in the field, and then published so that other enthusiasts and professional can critique the plan; changes are made, security problems are found and reported, and the solution progresses. When a general consensus is reached, it becomes the de facto standard. To exemplify how effective this is, consider the Hypertext Transfer Protocol, or HTTP, that is the result of an RFC. Virtually any transmission between a web browser and a standard web site takes place using this protocol, hence the "http://" at the beginning of web addresses. On the other hand, the government has a history of making bad decisions in the absence of professionals. In all fairness, most professionals are in favor of the government adopting DNS-SEC, but adoption is not the only issue at hand; it's the continued maintenance of such a complex system.
Privacy concerns are also at stake whenever the government gets more involved with the Internet. It was recently discovered in the UK that the British government had been spying on it's residents by means of "deep packet sniffing", which is essentially collecting the raw data that gets sent over a network. Although very complex and hard to read, they were able to archive personal information about people based on the data. The more people rely on governing bodies to provide their security and confidentiality, and expect that trust to be fulfilled, the more they will be let down.
DNS-SEC simply does not provide protection against attacks to justify the drawbacks. The major concern about DNS-SEC is not how trust-worthy its operators are, but how much it slows a network down. Consider a locking door. A door with no lock can be used by anyone for any purpose. To make the door more "secure", locks can be added. Users may be required to use a key, or a combination. The drawback, however, is that the more secure the door gets, the longer it takes to open. Likewise, with DNS-SEC, exchanging the "digital signatures" takes time, and requires that more information be sent across a network. Only a certain amount of information can flow through a certain network every second. So if all the computers that manage the flow of data through the Internet around the world were to require, say, twice as much information before 'opening the door', the Internet would become extremely sluggish and unresponsive. Now that it's the backbone of our economies, that is simply unacceptable. Experts have predicted that the delay caused would be minimal under current situations, but growth is expected and will only exacerbate the problem.