Using my own DNS Check tool I noticed that the .gov is now signed using DNSSEC. This means that the government has actually met its schedule on this one. But there are a few issues:

1. Who actually signs it? NIST? DHS? Some other agency? This is important for answering #2.

2. How do we validate this key? How do we know this isn't a hacker's key? The agency that maintains the key should distribute a hash of the public key so that we know its the real deal.

I'm hoping in the near future all of this information will come out, but until it does, .gov isn't really any better off than it was before.

UPDATE [2-18-2009]: Apparently GSA is responsible for .gov and DNSSEC. It is still considered in experimental stages and keys may change, therefore no final key information is available for validation yet.

UPDATE [3-1-2009]: GSA has posted the .gov public key on their website.

Northwest airlines has begun issuing eboarding passes for select flights from Detroit, Indianapolis, and Minneapolis. The way it works is by following the usual online checkin procedure, but you are given an additional option to use an eboarding pass. You are then asked for an email address or phone number (text message) to send the url for your eboarding pass. If you choose to use your phone, you will be asked for the carrier along with your phone make and model. This is presumably to ensure that the boarding pass is provided in a format that is compatible with your phone. My phone (Motorola Z9) wasn't listed, but I chose a RAZR instead as they use very similar screen sizes and software and I didn't have any problems.

Upon checking in I was able to bring up my boarding pass on a third party website without a need for any further authentication. It consists of a WML format page with a gif image of an aztec 2D barcode at the top followed by standard boarding pass text. The barcode appears to include the standard boarding pass information without any type of digital signature.

When I got to the airport security checkpoint I never had to actually hand my phone over or even show my eboarding pass to another person. The eboarding pass scanner took about 15 seconds to boot up and I simply placed the barcode against the scanner and it displayed my name and other information for the security agent. There was an issue getting it to scan because the backlight on my phone was not on at first. He then checked my ID and I proceeded through security as normal. Next I walked through the metal detector and was asked for my boarding pass by the security officer. I simply stated that I used an eboarding pass and was allowed to continue. Therefore I question the effectiveness for only checking print boarding passes at this point.

Finally, boarding the plane was simple. I simply placed my phone against the scanner at the gate and was cleared to board.