Verisign Labs

We are committed to making the Internet a safe and reliable place for people to do business and interact.

Verisign Labs Graduate Intern Program

Verisign labs graduate intern program

Now accepting applications for the 2016 Verisign Labs Graduate Program.

Learn More


DNS-based Authentication of Named Entities (DANE) is a relevant security solution for deployment in today’s Internet, and it is ready for use. Putting DANE into DNS zones lets authorities extend authentication from DNSSEC data to DNS-reliant services (such as S/MIME, and TLS). Verisign Labs researchers are working with the Internet community to develop prototypes and reference implementations, advance standards, and promote awareness of DANE and its full potential to advance secure key learning.

Read More

Featured Project

getdns Open Source

Verisign Labs, along with NLNet Labs, leads community development and promotion of the open source getdns library, which brings DNSSEC and modern DNS features to applications developers and end-systems. Watch this presentation to learn the latest on getdns development.

Read More

Featured Expert

Featured Collaboration

Rutgers University is working with Verisign Labs researchers on differential privacy and anomaly detection.

Verisign Labs Publications

Verisign Labs Publications

Verisign Labs is committed to sharing our findings with the broader research community. Our repository makes available our researchers' publications, presentations, and industry standards contributions.

Our Publications

Verisign Labs on the Verisign Blog

Verisign’s Perspective on Recent Root Server Attacks

Guest post from Duane Wessels, Principal Research Scientist

Read More

In Network Security Design, It's About the Users

One of the longstanding goals of network security design is to be able to prove that a system – any system – is secure. Designers would like to be able to show that a system, properly implemented and operated, meets its objectives for confidentiality, integrity, availability and other attributes against the variety of threats the system may encounter. A half century into the computing revolution, this goal remains elusive. One reason for the shortcoming is theoretical: Computer scientists have made limited progress in proving lower bounds for the difficulty of solving the specific mathematical problems underlying most of today’s cryptography. Although those problems are widely believed to be hard, there’s no assurance that they must be so – and indeed it turns out that some of them may be quite easy to solve given the availability of a full-scale quantum computer. Another reason is a quite practical one: Even given building blocks that offer a high level of security, designers, as well as implementers, may well put them together in unexpected ways that ultimately undermine the very goals they were supposed to achieve.

Read More

As WHOIS Transitions to RDAP, How Do We Avoid the Same Mistakes?

In 1905, philosopher George Santayana famously noted, “Those who cannot remember the past are condemned to repeat it.” When past attempts to resolve a challenge have failed, it makes sense to consider different approaches even if they seem controversial or otherwise at odds with maintaining the status quo. Such is the case with the opportunity to make real progress in addressing the many functional issues associated with WHOIS. We need to think differently.

Read More