We’ve been checking our DNS servers at Broadsight in view of the recent vulnerability in the DNS system found by Dan Kaminsky. In a nutshell, the vulnerability means that unpatched DNS caches can be “poisoned” into remembering the wrong IP address for a server. If a person, company or their ISP is affected, any or all Internet applications can be redirected to a malicious server. This means that email, web, IM or even software updates could be subverted. For more info, see Bruce Schneier’s Blog.
This issue set us off thinking about trust and identity on the net, which is something we keep coming back to. The interesting thing about the DNS problem is that the DNS system is not meant to be very secure. If you want to check who you are talking to on the Internet (or any untrusted network), there are perfectly good technologies to do just that, e.g. X.509 certificates, SSL, SSH, etc. The problem is that people are not very good at using them. For example, there are plenty of phishing scams that obscure the real server identity simply by showing a “fake” address in the visible part of the hyperlink. Many people have revealed their banking passwords in spite of the fact that the certificate must have been invalid or missing. Of course, it’s not all the fault of the users. Many websites that handle sensitive data don’t use SSL (LinkedIn is an honourable exception, by the way). I guess this is partly cost and partly ease of use. Security always takes some time and effort.
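The mismatch between the address a link displays and the address it actually points to, as described above, can be checked mechanically. The following is an added example, not part of the original post; the class and function names are illustrative, and the sample HTML and its hosts (under the reserved .example and .test names) are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a host name or URL.
HOSTLIKE = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#].*)?$", re.I)

def strip_www(host):
    return host[4:] if host.startswith("www.") else host

def same_site(shown_host, target_host):
    """True if the href host equals the displayed host or is a subdomain of it."""
    shown, target = strip_www(shown_host), strip_www(target_host)
    return target == shown or target.endswith("." + shown)

class LinkAuditor(HTMLParser):
    """Records <a> elements whose visible text names a different host than href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:  # only collect text inside an open <a>
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        target = (urlsplit(self.href).hostname or "").lower()
        match = HOSTLIKE.match(shown)
        if match and target and not same_site(match.group(1).lower(), target):
            self.findings.append((shown, target))
        self.href = None

def audit(html):
    """Return (displayed text, real host) for every link that disagrees."""
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: one mismatched link, one honest link, one plain-text link.
SAMPLE = """<p>Confirm your details at
<a href="http://login.bank.example.other.test/">www.bank.example</a>, read
<a href="https://www.bank.example/help">www.bank.example/help</a> or see
<a href="https://news.example/">our newsletter</a>.</p>"""
```

The comparison is anchored on the right-hand end of the host name, so a target that merely begins with the displayed name is still reported.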
So, supposing that your DNS is working properly, all that it tells you is that you are connected to a server that is registered with the name it’s registered with. You don’t really know who runs it or whether they can be trusted. Obviously, many users stick to well-known brands like Google and Amazon for this reason. They may trust recommendations via word of mouth (off net or on discussion boards). There are also some sites that rate other sites, but who guards the guardians? We can see scope for a system of federated delegation of trust, so trust can be securely passed on via social networks. Of course, there are sites that do this internally (notably eBay) and that has been very successful, but it is limited to the site in question. It’s also quite one-dimensional. Trust should be a richer concept than that. For example, I might trust my accountant to do my taxes and my doctor to diagnose an illness, but not the other way round.
As more of life is conducted on the net, it will become more and more important to present identity and trust in ways that users can understand and use appropriately for the task at hand, from reading wibble on a discussion board right the way up to eCommerce and banking. I think it will be the mid-range activities that will be hardest to get right. Already, the banks are locking down their security, so criminals will be looking for softer targets, e.g. pump and dump. Think how effective that would be if someone had subverted the website at the Financial Times?