VeriSign Announces DNSSEC Deployment Support Plans
VeriSign has announced its strategic approach for working with the Internet community to deploy DNS Security Extensions (DNSSEC) in the .com and .net Top Level Domain Names (TLDs). Through a collaborative industry-wide effort, VeriSign, and the ICANN and business communities can play a part in helping to protect the Internet's Domain Name System (DNS) from "man in the middle" and cache poisoning attacks.
DNSSEC offers the potential to strengthen the infrastructure of the Internet by authenticating the origin of DNS data and verifying its integrity while moving across the Internet, the company said. DNSSEC protects the Internet community from forged DNS data by using public key cryptography to digitally sign DNS data. According to the Verisign, digital signing can assure that the data originated from the stated source and that it was not modified in transit. DNSSEC can also prove that a domain name does not exist. VeriSign is currently working with EDUCAUSE and the Department of Commerce (DoC) to deploy DNSSEC within the .edu TLD.
Ken Silva, CTO, VeriSign said, "Successfully implementing DNSSEC will involve the entire Internet ecosystem, from registrars and ISPs to browser vendors. Because the reliable operation of .com and .net is crucial around the world, we must take a cautious and orderly approach to this roll-out. VeriSign is committed to helping registrars and ISPs make the implementation decisions that are right for them."
VeriSign said that it is working closely with domain name registrars and ISPs to assist them with their DNSSEC deployment strategies. This month, VeriSign launched a technical "boot camp" program to provide registrars, ISPs and larger registrants with the tools and training they need to assess and implement DNSSEC protections. VeriSign has also established an Interoperability Lab within its research infrastructure for vendors to evaluate the interoperability of their equipment with DNSSEC. VeriSign is inviting manufacturers of computing and network equipment to its facilities for the purposes of reviewing the functionality and operations of their equipment when DNSSEC is implemented in the .com and .net TLDs.
"DNSSEC does not solve many of the most common threats to Internet security. This is why other layers of protection, such as Extended Validation SSL certificates and two-factor authentication, are so critical to making the Internet secure for everyone," added Silva.