VeriSign Will Support DNSSEC In .com By 2011

Posted by kdawson on Tuesday February 24, 2009 @09:43AM from the phish-while-you-may dept.

alphadogg writes "VeriSign has promised to deploy DNS Security Extensions, known as DNSSEC, across all of its top-level domains within two years. DNSSEC is viewed as the best way to bolster the DNS against vulnerabilities such as the Kaminsky bug discovered last year. (Yesterday we discussed the workarounds coming into place until the US government signs the Internet's root zone.) DNSSEC has been deployed on top-level domains operated by Sweden, Puerto Rico, Bulgaria, Brazil, and the Czech Republic. Two larger domains — .org operated by the Public Interest Registry and .gov operated by the US government — are deploying DNSSEC this year."

1 of 39 comments (clear)

Min score:

Reason:

Sort:

Re:erm... by Timothy+Brownawell · 2009-02-24 10:39 · Score: 2, Interesting

Because when released it will reduce the profit from their certificate signing business, as people can get end-to-end public key encryption just by updating their DNS entry.
Maybe this is the real reason behind the "Extended Validation" certificates they're pushing? Those include some verification of your real-world identity (like I thought regular certs were always supposed to have...), so they can't be replaced by dnssec.