A proposal (http://www.icann.org/en/announcements/dnssec-proposal-09oct08-en.pdf) [PDF, 276K] to sign the root zone file with Domain Name System Security Extensions, or DNSSEC, technology was released by ICANN today.DNSSEC provides a way for software to validate that Domain Name System (DNS) data have not been modified during Internet transit. This is done by incorporating public-private signature key pairs into the DNS hierarchy to form a chain of trust originating at the root zone. Importantly, DNSSEC is not a form of encryption. It is backward compatible with existing DNS, leaving records as they are – unencrypted. DNSSEC ensures record integrity through the use of digital signatures that attest to their authenticity.
