Forgot your password?
typodupeerror
Security

+ - Security consultants warn about PROTECT-IP Act->

Submitted by epee1221
epee1221 (873140) writes "Several security professionals released a paper (PDF) raising objections to the DNS filtering mandated by the proposed PROTECT-IP Act. The measure allows courts to require Internet service providers to redirect or block queries for a domain deemed to be infringing on IP laws. ISPs will not be able to improve DNS security using DNSSEC, a system for cryptographically signing DNS records to ensure their authenticity, as the sort of manipulation mandated by PROTECT-IP is the type of interference DNSSEC is meant to prevent. The paper notes that a DNS server which has been compromised by a cracker would be indistinguishable from one operating under a court order to alter its DNS responses. The measure also points to a possible fragmenting of the DNS system, effectively making domain names non-universal, and the DNS manipulation may lead to collateral damage (i.e. filtering an infringing domain may block access to non-infringing content). It is also pointed out that DNS filtering does not actually keep determined users from accessing content, as they can still access non-filtered DNS servers or directly enter the blocked site's IP address if it is known.

A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to "decay into a lawless Wild West."

Paul Vixie, a coauthor of the paper, elaborates in his blog."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Security consultants warn about PROTECT-IP Act

Comments Filter:

"I've seen the forgeries I've sent out." -- John F. Haugh II (jfh@rpp386.Dallas.TX.US), about forging net news articles

Working...