At the end of last week, US company VeriSign announced the roll-out schedule for the authentication of.com and .net zones. From the 9th of December, .net domains are to be authenticated via keys that are based on the new DNSSEC (Domain Name System Security Extensions) protocol and stored in the Domain Name System (DNS).
Responses that don't originate from the server that was authorised for a domain will be detected when signatures are validated.
Signatures for .net domains have been available since the 29th of October, but they cannot be validated yet. Signatures for the .com zone are to follow in March; users will be able to protect their own .com domains with DNSSEC signatures shortly afterwards. This is mainly designed to prevent future cache-poisoning attacks.
The link for this article located at H Security is no longer available.
