On Monday, 27 January 2025 13:26:06 CET Robert Wagner wrote:
> FYI - EO 14144 has the following provision related to encrypting DNS:
>
> (c) Encrypting Domain Name System (DNS) traffic in transit is a critical
> step to protecting both the confidentiality of the information being
> transmitted to, and the integrity of the communication with, the DNS
> resolver.
>
> (i) Within 90 days of the date of this order, the Secretary of
> Homeland Security, acting through the Director of CISA, shall publish
> template contract language requiring that any product that acts as a DNS
> resolver (whether client or server) for the Federal Government support
> encrypted DNS and shall recommend that language to the FAR Council. Within
> 120 days of receiving the recommended language, the FAR Council shall
> review it, and, as appropriate and consistent with applicable law, the
> agency members of the FAR Council shall jointly take steps to amend the
> FAR.
>
> (ii) Within 180 days of the date of this order, FCEB agencies shall
> enable encrypted DNS protocols wherever their existing clients and servers
> support those protocols. FCEB agencies shall also enable such protocols
> within 180 days of any additional clients and servers supporting such
> protocols.
>
> ....
>
> 2025-01470.pdf<https://public-inspection.federalregister.gov/2025-01470.pdf>
> Federal Register on 01/17/2025 and available online at
> https://federalregister.gov/d/2025-01470
>
> If codified in FAR - then I believe all contractors will be required to
> encrypt DNS as well.
>
> Should be interesting...
>
> RW

I've been skimming over this document, to try to figure out what it is that they want, and from whom. I'm by no means a legal expert and even DNS is something I'd hesitate to claim expertise beyond basic understanding in, but this seems to be aimed mostly at the US government itself?

If the US President wants to enforce that from the US government branches, that is not something I'm entitled to comment on. I am not even American. But if I'm not mistaken, does that mean that this does not affect people/organizations outside the US, and possibly not even non-government providers within the US? If so, it may be a nuance worthy of note.

Granted, even that doesn't mean that there wouldn't be any spill-over. Identifying those may be able to prove useful. For example, it wouldn't surprise me to learn that some of these government organizations are also using BIND? At the end of the day, it does enjoy the privilege of being the de facto standard/reference implementation.

N.B.: I find it amusing how the People's Republic of China has several explicit mentions embedded within this document. It's something I tend to see from EU governmental bodies (particularly the Council) too, but they tend to separate that into their press releases. It's interesting to be able to peek behind the curtains at how each of these world-leading governments approaches this PR matter.

--
Met vriendelijke groet,
Michael De Roover

Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org