"Once .com is signed, then I think you're going to have that rush of adoption," says Sean Leach, CTO of Name.com, a domain name registrar. "Right now we see the early adopters. Most of them have DNS servers set up, and they are testing how to upload their keys and push them into the registry...I see a lot of banks, and I see a lot of the e-commerce companies that are all in that wait-and-see mode."
Leach says that he has dozens of customers who are testing DNSSEC out of the 1 million names that his company has registered. "Most of the DNSSEC requests we see are in .org, but we also see a lot in .se," Leach says.
But until DNSSEC is widely deployed from the top to the bottom of the DNS hierarchy, Web sites remain vulnerable to Kaminsky-style attacks.
"One of the problems with DNSSEC is that it requires all of the Internet ecosystem - from the DNS servers to the end user's software - to have it deployed or it loses its usefulness," says Rodney Joffe, founder and chairman of UltraDNS, a division of NeuStar that provides managed DNS services. "We still don't have many registrars with the ability to sign domains....Until you start seeing applications on the desktop enabled with DNSSEC, it's still some time away."
Read more about wide area network in Network World's Wide Area Network section.