The Internet is no worse than a private network when it comes to reliability and security. But it does require users to employ a different approach. On the Internet, the user must take responsibility for end-to-end authentication of messages and ensure that only certified messages pass through to the application. Cryptography based on public/private keys is the only 100 percent reliable technique, assuming the secret keys are properly managed.

The .aero domain is under the direct and permanent control of the air transport community. So it has the potential to deliver a degree of domain security and stability for airports and airlines that satisfies highly specific needs of the air transport community.

In the near future, the DNS can be used to distribute public keys between airline application systems, removing a complex and time-consuming exercise. Details were presented in a report by .aero to IATA's Information Management Council (IMC) in November 2004. A copy can be requested from aero.enquiries@sita.aero.

Read more about DNS insecurity, pharming and how DNSSEC can solve the problem.

DNSSec - Development update

.aero recently brought together the Internet's technical community working on the deployment of DNSSec and addressing security threats to the Internet, with representatives from the aviation community.

Together they discussed deployment of a new security protocol DNSSEC globally and Internet security and stability in the context of air transport community and explored what the Internet's engineering community is doing to secure DNS. Also under discussion was how and why the US government is supporting deployment of a new security technology in DNS

Keynote speaker was Dr. Steve Crocker, Shinkuro, Chair of ICANN's Security and Stability Advisory Committee. Panelists included – Julien Holstein, Airbus. Gary Cooper, ARINC. Dave Coombs, Carillon and Marie Zitkova, head of .aero.SITA

The conclusion of the workshop was that -

• Air transport and internet engineering community need to work more closely ("SLA requirements by ATI to Internet")
• Naming will become critical, .aero platform is a basis to work from

A summary of the meeting will shortly be made available on this site.

The DNSSec deployment group now offers a simple way to monitor progress in this important initiative through a new monthly newsletter that will offer updates on new policies, early adopters and advances in DNS security extension development.

You can download copies from their website at: www.dnssec-deployment.org/news/dnssecthismonth/ or: download the latest pdf here.