RTFA: http://edocket.access.gpo.gov/2008/E8-23974.htm

SUMMARY: The Department of Commerce (Department) notes the increase in interest among government, technology experts and industry representatives regarding the deployment of Domain Name and Addressing System Security Extensions (DNSSEC) at the root zone level. The Department remains committed to preserving the security and stability of the DNS and is exploring the implementation of DNSSEC in the DNS hierarchy, including at the authoritative root zone level. Accordingly, the Department is issuing this notice to invite comments regarding DNSSEC implementation at the root zone.

According to the Federal Register docket linked above, the National Telecommunications and Information Administration (NTIA) is waiting until November 24 for comments.

A comment posted to Slashdot claimed that the new fad among State Intelligence geeks is the use of private DNS.

The most recent trend with my ex-intel friends, by the way, is to use private nameservers. I have absolutely no evidence as to why that might be necessary. I am just sayin’, that’s what they’re doing now.

Wired’s Threat Level blog serendipitously posted an update to the ongoing DNSSEC discussion. The real meat is here:

“We’ve got to get the root signed, it does not matter by whom,” Vixie said by e-mail. “It’s necessary simply that it be done, by someone, and that we stop anyone from arguing about whether letting someone hold the root key would make them king.”

At issue is a massive net security hole that security researcher Dan Kaminsky discovered in early 2008 that was temporarily patched in July. If not given a complete fix soon, the vulnerability could allow so much net fraud that it would strip all trust from the internet users that any website they were visiting is the genuine article, experts say.

Here’s one juicy way to force the question: As we approach the US Presidential election, millions of people will turn to the Internet for information about the candidates. Is it possible that campaign fraud will be conducted against candidates, by way of DNS Cache Poisoning, to provide false information in order to deceive voters?

RTFA recently blogged about an interesting side-effect of the DNS Cache Poisoning vulnerability, but if “people who know” are already migrating to private nameservers, has DNS deteriorated into an untrustworthy condition?
