On Comcast’s corporate blog, Chris Griffiths, manager, DNS Engineering in Innovation, has given an update on the MSO’s production network trial of DNSSEC, a technology that adds security to DNS (the telephone book for the Internet). Comcast’s trial began in February. Griffiths wrote:
"Since that time our trials have gone very well, and the pace of DNSSEC deployments world wide has steadily moved forward.
"One key milestone for DNSSEC was the signing of the global DNS root zone on July 15th 2010. The DNS root zone is the top level of the DNS, and this signing was an important milestone in the adoption of DNSSEC. Back in April, ICANN who currently manages the root zone of the DNS system on the Internet, began selecting Trusted Community Representatives, or TCRs, to participate in their key signing ceremonies to generate the first ever DNS Root key that would be used in the signing.
"On June 16th the TCR selection was finalized and I was asked to participate in the first and second Key Signing Ceremony as a backup crypto officer. It was an honor to meet so many distinguished DNS representatives from around the world and participate in such a historic event. The ceremony was a very detailed and open process for generating the root key and took many hours to complete, but in the end the first DNSSEC key was created.
"With all this momentum, several key top-level domains have also announced recently they are ready to support DNSSEC. The first was .ORG. The other major top-level-domain was .EDU. As these large Domain registries start to support DNSSEC, it allows domain holders like Comcast to sign our domains and make them secure."
Comcast has a DNSSEC Information Center for more information.