The Irony of Comcast’s DNSSEC Rollout

An interesting story on VentureBeat points out the folly of Comcast who recently rolled out an upgrade across its network that is at odds with certain provisions of the Stop Online Piracy Act – a bill that the parent company of NBC Universal strongly supports.

SOPA gives the U.S. government and copyright holders the authority to seek court orders to block websites (DNS, ISP level, removal from search engines, and cuts off payment services and ad networks) associated with infringing intellectual property. Comcast recently implemented DNSSEC technology across its network, which adds an extra layer of security to websites that checks for a special DNS signature to prove that the site is actually what it claims to be, according to TechDirt..

In that TechDirt article Comcast admits that this new upgrade makes DNS redirects incompatible. This is an important point because those who support SOPA have said the opposite. Here's the important point – from Comcast (we highlighted the important words in the paragraph below):

"When we launched the Domain Helper service, we also set in motion its eventual shutdown due to our plans to launch DNSSEC. Domain Helper has been turned off since DNS response modification tactics, including DNS redirect services, are technically incompatible with DNSSEC and/or create conditions that can be indistinguishable from malicious modifications of DNS traffic (including DNS cache poisoning attacks). Since we want to ensure our customers have the most secure Internet experience, and that if they detect any DNSSEC breakage or error messages that they know to be concerned (rather than not knowing if the breakage/error was "official" and caused by our redirect service or "unofficial" and caused by an attacker), our priority has been placed on DNSSEC deployment — now automatically protecting our customers… "

The left hand of Comcast has no idea what the right hand is doing anymore, but they'll eventually figure it out.

Source: VentureBeat. Image Credit: Comcast

Tweet about this on TwitterShare on FacebookShare on Google+Share on RedditEmail this to someone

Comments are closed.