encyclo - 9:52 am on Jun 5, 2009 (gmt 0) More about ICANN's implementation of DNSSEC here: DNSSEC – What Is It and Why Is It Important? [icann.org]
From ICANN [icann.org]:
" We’ve been working towards a signed root for more than three years. In fact, ICANN has operated a root zone signing test bed for more than two years. So ICANN is aware of the urgency around signing the root to enhance stability and security" Paul Twomey, President and CEO of ICANN said.
"ICANN has agreed to work with VeriSign and the Department of Commerce to first test, and then have production deployment of DNS Security Extensions (DNSSEC) as soon as feasible without prejudice to any proposals that may be made for long term signing processes" (...)
DNSSEC is a technology that was developed to, among other things, protect against such attacks by digitally 'signing' data so you can be assured it is valid. However, in order to eliminate the vulnerability from the Internet, it must be deployed at each step in the lookup from root zone to final domain name (e.g., www.icann.org). Signing the root (deploying DNSSEC on the root zone) is a necessary step in this overall process. Importantly it does not encrypt data. It just attests to the validity of the address of the site you visit.
More about ICANN's implementation of DNSSEC here: DNSSEC – What Is It and Why Is It Important? [icann.org]