The DNSSEC upgrade is transparent to end users, Comcast says. "The customer doesn't need to know about all the technology that goes on behind-the-scenes. They just need to know they are secure," Livingood says.
Vendor announcements related to DNSSEC are on the rise, too:
-- BlueCat Networks, a DNS appliance vendor, announced Tuesday that it is advising the United Kingdom central government on how best to cryptographically sign its 1,000 domain names using DNSSEC.
-- Infoblox said on Jan. 10 that it had integrated a hardware module from Thales e-Security, a leader in cryptographic key management, into its DNS appliances to ease DNSSEC deployments.
"DNSSEC is a new market for us" says Richard Moulds, vice president of product management at strategy at Thales. "DNSSEC is a new application for [public key encryption.] Crypto keys are being introduced into the DNS, and those keys need to be protected and managed, and that's what we do."
Moulds says he's seen rising interest in DNSSEC-related applications for Thales' high-assurance key management products in the last six months, since the .com domain was signed. He says it's possible that DNSSEC will take off dramatically in 2012.
"SSL went from unheard of to the default mechanism for Web privacy in about one year flat in the late 1990s," Moulds says. "We could be at the cusp of a similar deployment curve for DNSSEC if it becomes the default mechanism for integrity on the Web."
What's Next for DNSSEC?
In order for DNSSEC to be more widely adopted, experts say that Web browsers need to support the standard, too. This would allow end users to get pop-up messages when they try to visit a Web site that can't be verified via DNSSEC.
"The next frontier is to integrate DNSSEC into the security indicators of browsers," Livingood says.