Innovation

Verisign Labs

We are committed to making the Internet a safe and reliable place for people to do business and interact.

Verisign Labs Graduate Intern Program

Verisign labs graduate intern program

The 2015 Verisign Labs Graduate Program has been filled. Please visit in the Fall to apply for 2016.

Learn More



Featured Expert


Featured Project

DANE Initiative

DANE (DNS-based Authentication of Named Entities) protocol is an emerging innovation of DNS that provides for secure key learning with DNS and DNSSEC. Verisign Labs scientists are working with internal and community collaborators to prototype, promote, and realize secure key learning with DANE. Try out our new S/MIME object security library (libsmaug) and DANE S/MIME plug-in for Mozilla’s Thunderbird! For more information, see our recent blog post about DANE.

Read More

Featured Collaboration

Stichting NLnet Labs (NLnet Labs for short) is a not-for-profit foundation founded in 1999 in the Netherlands. Its statutes define its objectives: to develop Open Source software and open standards for the benefit of the Internet. NLnet Labs' mission is: To provide globally recognized innovations and expertise for those technologies that turn a network of networks into an Open Internet for All. Verisign Labs collaborates with NLNet Labs on multiple topics in DNS open source and innovation, including getdnsapi.


Verisign Labs Publications

Verisign Labs Publications

Verisign Labs is committed to sharing our findings with the broader research community. Our repository makes available our researchers' publications, presentations, and industry standards contributions.

Our Publications


Verisign Labs on the Verisign Blog

Registration Operations is More Than Just Registering Domain Names

Perceptions can be difficult to change. People see the world through the lens of their own experiences and desires, and new ideas can be difficult to assimilate. Such is the case with the registration ecosystem. Today’s operational models exist because of decisions made over time, but the assumptions that were used to support those decisions can (and should) be continuously challenged to ensure that they are addressing today’s realities. Are we ready to challenge assumptions? Can the operators of registration services do things differently? 

Read More

"What's in a Name?" Using DANE for Authentication of Internet services

Do we already have strong security protections for our Internet services? For many years now, we have had numerous cryptographically enhanced protocols. Standards and suites like S/MIME, Transport Layer Security (TLS), IP Security (IPSec), OpenPGP, and many others have been mature for years, have offered us a range of protections and have been implemented by a wealth of code. Indeed, based on these protections, we already count on having “secure” eCommerce transactions, secure point-to-point phone calls that our neighbors can’t listen in on, secure Virtual Private Networks (VPN) that let us remotely connect to our internal enterprise networks, etc.  However, our Internet security protocols have all excluded a very important step from their security analyses; none of them describe a crucial step called secure key learning.  That is, before we can encrypt data or verify signatures, how does someone bootstrap and learn what cryptographic keys are needed?  In lieu of a way to do this, we have traditionally prefaced the security protections from these protocols with techniques like Out of Band (OOB) key learning (learning keys in an unspecified way) or Trust on First Use (ToFU) key learning (just accepting whatever keys are found first), and each protocol must do this separately (and potentially in its own, different, way).  This is because the protocols we use for protections have not formally specified a standardized way to securely bootstrap protocols.

Read More

Minimum Disclosure: What Information Does a Name Server Need to Do Its Job?

Two principles in computer security that help bound the impact of a security compromise are the principle of least privilege and the principle of minimum disclosure or need-to-know.

Read More