The DNS security mess

The Domain Name System publishes records such as "softwarelivre.org has IP address". Attackers can easily exploit the DNS protocol to selectively forge web pages and steal Internet mail.

DNSSEC, a project to add cryptographic protection to DNS, has received millions of dollars of U.S. government grants and after fifteen years still has not stopped any attacks. This talk will explain the design of DNSSEC, and in particular will explain how DNSSEC's fear of cryptographic overload forced DNSSEC down a path of unreliability, insecurity, and unusability.

Daniel J. Bernstein is a Research Professor in the Department of Computer Science at the University of Illinois at Chicago. He is the author of two of the Internet's most popular server software packages, djbdns and qmail, and the lead developer of a new easy-to-use public-domain software library for high-speed cryptography. Prof. Bernstein's current mission is to cryptographically protect every Internet packet.