“helps us with speed and support,” says Michael Kraft, ISC’s DLV program manager.

Afilias and Neustar bring added redundancy by supporting the DLV registry in their operational points across the world. ISC distributes the updates of signed domain keys it receives, and Kraft notes that there are approximately 877 of these types of DNSSEC DLV signed keys today, based on public-key encryption, that can be used for secure domain-name identification. Kraft says he doesn’t know how many ISPs are using DLV today.

Rodney Jaffe, senior vice president at NeuStar, says the ISC DNSSEC DLV registry represents a more efficient way for service providers to manage signed domain keys than by managing each key separately and manually. “This helps make DNSSEC easier to administer,” Jaffe says.

The is intended to prevent fraud such as phishing and cache-poisoning through a DNS look-up of a signed domain name, Jaffe points out. “With online fraud, someone will try to spoof or hijack a Web site,” says Jaffe. DNSSEC can be used to prevent these types of attacks.

The DNSSEC effort remains a , with VeriSign expected to root-sign the top-level domain .com sometime in the near future, Kraft says. But participation in the DNSSEEC effort does not rely on root-signing of the top-level domain, he adds, noting that an enterprise can register encryption keys for their domains directly with ISC.