Verisign has begun working with the internet community to
deploy DNS Security Extensions
(DNSSEC), which
could put a stop to phishing scams.
The internet security company is working to roll out the DNSSEC
security standard across all .com and .net top-level domain names
(TLDs) to protect users against
man-in-the-middle-style attacks.
The collaborative industry-wide effort will see Verisign, ICANN
and business communities use DNSSEC to strengthen the
infrastructure of the internet. DNSSEC works by authenticating the
origin of DNS data and verifying its integrity while moving across
the internet. Verisign said DNSSEC protects the internet community
from forged DNS data by using public key cryptography to digitally
sign DNS data.
DNSSEC can also prove that a domain name does not exist,
according to Verisign. DNS queries and responses are protected from
the kind of forgeries that could possibly redirect internet users
to phishing and pharming sites, or man-in-the-middle attacks that
intercept communications between two systems.
VeriSign anticipates completing DNSSEC implementation on .net
and .com by the first quarter of 2011.
Ken Silva, CTO of Verisign, said "Successfully implementing
DNSSEC will involve the entire internet ecosystem, from registrars
and ISPs to browser vendors. Because the reliable operation of .com
and .net is crucial around the world, we must take a cautious and
orderly approach to this roll-out. Verisign is committed to helping
registrars and ISPs make the implementation decisions that are
right for them."