Verisign has begun working with the internet community to deploy DNS Security Extensions (DNSSEC), which could...
put a stop to phishing scams.
The internet security company is working to roll out the DNSSEC security standard across all .com and .net top-level domain names (TLDs) to protect users against man-in-the-middle-style attacks.
The collaborative industry-wide effort will see Verisign, ICANN and business communities use DNSSEC to strengthen the infrastructure of the internet. DNSSEC works by authenticating the origin of DNS data and verifying its integrity while moving across the internet. Verisign said DNSSEC protects the internet community from forged DNS data by using public key cryptography to digitally sign DNS data.
DNSSEC can also prove that a domain name does not exist, according to Verisign. DNS queries and responses are protected from the kind of forgeries that could possibly redirect internet users to phishing and pharming sites, or man-in-the-middle attacks that intercept communications between two systems.
VeriSign anticipates completing DNSSEC implementation on .net and .com by the first quarter of 2011.
Ken Silva, CTO of Verisign, said "Successfully implementing DNSSEC will involve the entire internet ecosystem, from registrars and ISPs to browser vendors. Because the reliable operation of .com and .net is crucial around the world, we must take a cautious and orderly approach to this roll-out. Verisign is committed to helping registrars and ISPs make the implementation decisions that are right for them."