"I think having .com do [DNSSEC] is going to make it easier and more popular," Semich says. The .nu domain has supported DNSSEC for four years, but Semich says that less than 1% of .nu names are signed.
"The fact is that most people don't know about DNSSEC or care," Semich says. "In some ways, it's up to the governments to do communication about it and to set the standards."
Even VeriSign has seen limited adoption of DNSSEC features on the .edu and .net domains that it operates.
Only 53 .edu names are signed, even though more than 2,200 colleges, universities and educational institutions belong to the .edu sponsor Educause. Similarly, only 262 .net names -- out of more than 13 million registered .net names -- are taking advantage of DNSSEC features.
VeriSign says the biggest holdup is domain name registrars, who haven't figured out a viable business model for offering DNSSEC services.
"We're helping registers implement DNSSEC by giving them a tool -- the DNSSEC Signing Service -- that would drive adoption but minimize costs," Kane says. "Hopefully that will help them achieve a critical mass so then the registrar could move over to have customers paying for it or to build additional services around it."
Kane says he's hoping that within a year, half of the .com registrars will be supporting DNSSEC for their customers, who are the website operators.
"I'm going to measure success in adoption by the registrars in their provisioning models and check-out processes," Kane says. "If I have half of the registrars provisioning DNSSEC a year from now, that would be successful."
Read more about wide area network in Network World's Wide Area Network section.