News

Collective approach to internet attacks big success in the Netherlands 2014/06/30

Erik Huizer inaugurated in Internet Hall of Fame 2014/04/08

Awards February 2014 2014/04/01

Marc Gauw appointed new General Director of NLnet 2014/01/09

  Help grow the future. Donate

DNS Security Fund

DNSSEC is one of the key technologies for a safer internet - i quite literally actually, because it unlocks a mechanism for the internet user to (automatically) certify that he or she is being sent to the right computer or service on the internet. In addition, through DANE new security mechanisms can be bootstrapped effortlessly.

The DNSSEC fund is available for projects that help explore the possibilities of DNSSEC by building real world solutions, and finding novel use cases for this exciting technology.

Background information

Domain names are vital to the way we use the internet, as businesses, public institutions and private individuals. While the original system of resolving domain names was very robust and has made tremendous innovation possible, it was also found to be open to serious abuse. DNSSEC provides a cryptographic seal of authenticity that gives real proof of the validity of the domain name you use when you visit a website, chat or send an email.

With DNSSEC you get what security specialists call a chain of trust from the root of the internet to the service you want to connect to - opening the way form many new exciting opportunities. DNSSEC is being gradually introduced worldwide, country by country.

Of course it is already a big win that the chain can henceforth be trusted up to the point where providers relay the answer to the client. But this is not good enough for perfectly normal use such as using a (potentially hostile) public wifi hotspot: for end users to fully benefit from DNSSEC in such cases, the software on the end user side should be able to validate DNSSEC signatures as well - especially on sensitive data like digital security keys and certificates. Most (but not all) applications depend on higher level services to handle DNS, which means that these service stacks need to be updated in all operating systems. Specific client software using their own built-in DNS services, like realtime communication software (e.g. SIP, XMPP), messaging servers and browsers, also will need to be adapted.

Every internet user deserves to be protected by DNSSEC in all situations, yet currently end user software is ready for DNSSEC. In order to speed up the process of introduction of DNSSEC, the Netherlands-based charity NLnet foundation announces that it will open a fund where open source projects can apply for grants to work on DNSSEC in their applications. Through a lightweight and fast procedure, projects can secure funding for reengineering software to reliably work with DNSSEC. Grants will be handed out on the basis of real-world impact, urgency and technical quality of the proposals. Proposals should adhere to the normal requirements for proposals at NLnet, and be no longer than 2 pages of text.

Some technology partially or fully funded through NLnet and the DNSSEC fund

Cosponsored by:

Comcast

Calls

Send in your ideas. Next deadline Sept 1st, 2014.

  Help fundraising for the open internet with 5 minutes of your time

Are you working on applications or standards related to internet telephony, instant messaging, or presence? Check out if you qualify for a grant from the standards in real-time communication fund.

Does your application use DNS? Make sure your users are safe and use DNSSEC. Apply for a grant from the DNS Security Fund.