VeriSign Announces DNSSEC Deployment Support Plans
VeriSign has announced its strategic approach for working with the Internet community to deploy DNS Security Extensions (DNSSEC) in the .com and .net Top Level Domain Names (TLDs). Through a collaborative industry-wide effort, VeriSign, and the ICANN and business communities can play a part in helping to protect the Internet's Domain Name System (DNS) from "man in the middle" and cache poisoning attacks.
DNSSEC offers the potential to strengthen the infrastructure of the Internet by authenticating the origin of DNS data and verifying its integrity while moving across the Internet, the company said. DNSSEC protects the Internet community from forged DNS data by using public key cryptography to digitally sign DNS data. According to the Verisign, digital signing can assure that the data originated from the stated source and that it was not modified in transit. DNSSEC can also prove that a domain name does not exist. VeriSign is currently working with EDUCAUSE and the Department of Commerce (DoC) to deploy DNSSEC within the .edu TLD.
Ken Silva, CTO, VeriSign said, "Successfully implementing DNSSEC will involve the entire Internet ecosystem, from registrars and ISPs to browser vendors. Because the reliable operation of .com and .net is crucial around the world, we must take a cautious and orderly approach to this roll-out. VeriSign is committed to helping registrars and ISPs make the implementation decisions that are right for them."
VeriSign said that it is working closely with domain name registrars and ISPs to assist them with their DNSSEC deployment strategies. This month, VeriSign launched a technical "boot camp" program to provide registrars, ISPs and larger registrants with the tools and training they need to assess and implement DNSSEC protections. VeriSign has also established an Interoperability Lab within its research infrastructure for vendors to evaluate the interoperability of their equipment with DNSSEC. VeriSign is inviting manufacturers of computing and network equipment to its facilities for the purposes of reviewing the functionality and operations of their equipment when DNSSEC is implemented in the .com and .net TLDs.
"DNSSEC does not solve many of the most common threats to Internet security. This is why other layers of protection, such as Extended Validation SSL certificates and two-factor authentication, are so critical to making the Internet secure for everyone," added Silva.
» posted by ITworld staff
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
dnssec
Powered by TwitterOn Twitter now
dnssec
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
