Afilias, a global provider of Internet infrastructure services, today announced that it will deploy Domain Name System Security Extensions (DNSSECs) across its registry platforms, signing 13 more top-level domains (TLDs) and increasing the total number of DNSSEC deployments among domain registries to 39.
DNSSEC development began in the early 1990s, but only recently became ready for broad deployment as an additional security measure. By introducing digital signatures to the DNS infrastructure, DNSSEC provides protection against cache poisoning, also known as the Kaminsky bug. DNSSEC also thwarts man-in-the-middle (Zeus) exploits.
The deployment is part of Afilias’ new global strategy, dubbed “Project Safeguard,” which includes a registry and DNS infrastructure upgrade across Afilias’ global technology platforms to support DNSSEC. At this point in time, there will be no DNSSEC offering to consumers, although a survey conducted by Afilias indicates that 69 percent of registrars plan such an offering in 2011 or beyond.
The major barriers to consumer-level deployment at present are consumers’ lack of consumer demand for it on the one hand, and registrars’ lack of preparedness to offer it on the other. Registrars in particular cited lack of overall DNSSEC expertise and concerns about key management as important concerns.