<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
span.EmailStyle20
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;
        mso-contextual-alternates:no;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal style='text-align:justify'>(sorry for cross posting)<o:p></o:p></p><p class=MsoNormal style='text-align:justify'><o:p> </o:p></p><p class=MsoNormal style='text-align:justify'><a href="http://blog.icann.org/2014/01/dnssec-surpasses-50/">http://blog.icann.org/2014/01/dnssec-surpasses-50/</a><o:p></o:p></p><div style='border:none;border-bottom:solid windowtext 1.5pt;padding:0in 0in 1.0pt 0in'><p class=MsoNormal style='text-align:justify'><o:p> </o:p></p></div><p class=MsoNormal style='text-align:justify'><o:p> </o:p></p><p class=MsoNormal align=center style='text-align:center'><a href="http://blog.icann.org/wp-content/uploads/2014/01/signed-tlds-800x564-22jan14-en.png"><span style='text-decoration:none'><img border=0 width=800 height=564 id="Picture_x0020_1" src="cid:image001.png@01CF195F.4FB14980" alt="A graph with a blue background showing the number of signed TLDs by month/year from 2010 to 2014"></span><br></a><o:p></o:p></p><p class=MsoNormal style='text-align:justify'>Through the hard work of many in the Internet community, the majority of top-level domains in the root now deploys DNSSEC.<o:p></o:p></p><p class=MsoNormal style='text-align:justify'><o:p> </o:p></p><p class=MsoNormal style='text-align:justify'>DNS Security Extensions provide the biggest security upgrade to Internet infrastructure in more than 20 years. By deploying cryptographic records alongside existing DNS records, DNSSEC-enabled systems can verify that the information received from the DNS has not been modified in transit and is what was intended by the Registrant who sent it.<o:p></o:p></p><p class=MsoNormal style='text-align:justify'><o:p> </o:p></p><p class=MsoNormal style='text-align:justify'>The 50% milestone complements a long list of successful efforts by the community and ICANN that have brought us to this point. Starting with the development of the protocols to secure the DNS in the mid-90s, trendsetting deployment by security-conscious TLDs (e.g., .se), government requirements, public vulnerability discoveries (e.g., Kaminsky), deployment at the root by an international team; to ISP and DNS operator (e.g., Google) support – the trend is clear.<o:p></o:p></p><p class=MsoNormal style='text-align:justify'><o:p> </o:p></p><p class=MsoNormal style='text-align:justify'>We have also witnessed and benefited from widespread deployment and support of DNSSEC by some Registrars in some countries (e.g., .nl, .se). And with DNSSEC support required of the over 1000 new gTLDs, we shall continue to enjoy widespread implementation of DNSSEC at the infrastructure level.<o:p></o:p></p><p class=MsoNormal style='text-align:justify'><o:p> </o:p></p><p class=MsoNormal style='text-align:justify'>But we still have a way to go. Without widespread deployment by Registrants on their domain names, end users and content providers cannot benefit from all of the security, and new and innovative opportunities that DNSSEC will bring. However, with the help of Registrars, DNS operators, vendors, ISPs, as well as the awareness and training efforts that ICANN and other organizations provide, we hope that securing Registrant DNS content, whatever it is, will become widespread and that Internet users may one day enjoy the simple trusted experience that using the ‘Net once was.<o:p></o:p></p><p class=MsoNormal style='text-align:justify'><o:p> </o:p></p><p class=MsoNormal style='text-align:justify'>Rick Lamb<o:p></o:p></p><p class=MsoNormal style='text-align:justify'>SR. PROGRAM MANAGER, DNSSEC<o:p></o:p></p></div></body></html>