VeriSign, Inc.,the trusted provider of Internet infrastructure for the networked world, announced its strategic approach for working with the Internet community to deploy DNS Security Extensions (DNSSEC) in the .com and .net Top Level Domain Names (TLDs).
Through a collaborative industry-wide effort, VeriSign, and the ICANN and business communities can play a part in helping to protect the Internet's Domain Name System (DNS) from "man in the middle" and cache poisoning attacks.
DNSSEC offers the potential to strengthen the infrastructure of the Internet by authenticating the origin of DNS data and verifying its integrity while moving across the Internet. DNSSEC protects the Internet community from forged DNS data by using public key cryptography to digitally sign DNS data. Digital signing can assure that the data originated from the stated source and that it was not modified in transit. DNSSEC can also prove that a domain name does not exist. As a result, DNS queries and responses are protected from the kind of forgeries that could possibly redirect Internet users to phishing and pharming sites, or "man in the middle" attacks that intercept communications between two systems.
VeriSign has made a careful and methodical roll-out of DNSSEC a strategic priority and is currently working with EDUCAUSE and the Department of Commerce (DoC) to deploy DNSSEC within the .edu TLD. VeriSign is applying lessons learned from its partnership with EDUCAUSE as well as industry-wide best practices from early DNSSEC implementations. Starting with smaller scale implementation and progressively increasing in size and learning from deployment experience, VeriSign anticipates completing DNSSEC implementation on .net and .com by the first quarter of 2011.
More details you can find here .