VeriSign announced on Monday that they are working with ISP’s and domain registrars to rollout DNSSEC (DNS Security Extensions) protection on the.net and .com TLDs, and expect the undertaking to be complete by Q1 2011.
VeriSign says DNSSEC upgrade will be complete by 2011.
Through a massive industry-wide effort, VeriSign hopes to strengthen DNS from "man in the middle" and cache poisoning attacks. DNSSEC protects from forged DNS data by using public key cryptography to sign DNS data. Digital signing assures that the data originated from the stated source and that it was not modified in transit.
DNSSEC can also prove that a domain name does not exist. As a result, DNS queries and responses are protected from the kind of forgeries that could possibly redirect Internet users to Phishing and Pharming sites, or "man in the middle" attacks that intercept communications between two systems.
So far, VeriSign has made a methodical roll-out of DNSSEC a strategic priority and is currently working with EDUCAUSE and the Department of Commerce (DoC) to deploy DNSSEC within the .edu TLD.
Taking the lessons learned from working with EDUCAUSE, as well as industry-wide best practices from early DNSSEC implementations, VeriSign anticipates completing DNSSEC implementation on .net and .com by the first quarter of 2011, by starting with smaller scale implementations first and increasing in size until the rollout is complete.
VeriSign is working closely with registrars and ISPs to assist them with their DNSSEC deployment strategies. To that end, VeriSign launched a technical boot camp of sorts this month to provide registrars, ISPs and larger registrants with the tools and training they need to assess and implement DNSSEC protections.
"Successfully implementing DNSSEC will involve the entire Internet ecosystem, from registrars and ISPs to browser vendors. Because the reliable operation of .com and .net is crucial around the world, we must take a cautious and orderly approach to this roll-out. VeriSign is committed to helping registrars and ISPs make the implementation decisions that are right for them," said Ken Silva, CTO of VeriSign.
"DNSSEC is an important component of cyber security, but not a silver bullet," added Silva. "DNSSEC does not solve many of the most common threats to Internet security. This is why other layers of protection…are so critical to making the Internet secure for everyone."
VeriSign has also established an Interoperability Lab within its research infrastructure for vendors to evaluate the interoperability of their equipment with DNSSEC. They’re inviting computing and network equipment manufacturers to their facilities so that they can review the functionality and operations of their equipment when DNSSEC is implemented in the .com and .net TLDs.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story