"DNSSec (Domain Name System Security Extension), which uses digital signatures to guard against forged requests, offers a means of making internet naming systems more secure. But even 15 years after the standard was developed its adoption remains low.
Mockapetris blames problems in making the technology easy to deploy, delays in developing DNSSec-aware apps, and political wrangles in holding back adoption of the technology. Arguments about whether or not to give VeriSign the role of a trusted third party signing root keys have acted as a roadblock but Mockapetris reckons difficulties in making the technology easy to apply are the greatest obstacle to its deployment.
"There were five years of good work in there to roll out the technology but on top of that we've had 10 years of political and technical dithering," Mockapetris said.
Only a massive blockbuster attack or applications that require DNSSec are likely to spur adoption of the technology, which has never really got out of first gear."