HOME

TheInfoList



OR:

Verisign Inc. is an American company based in
Reston, Virginia Reston is a census-designated place in Fairfax County, Virginia and a principal city of the Washington metropolitan area. As of the 2020 U.S. Census, Reston's population was 63,226. Founded in 1964, Reston was influenced by the Garden City move ...
,
United States The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country Continental United States, primarily located in North America. It consists of 50 U.S. state, states, a Washington, D.C., ...
that operates a diverse array of network infrastructure, including two of the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, p ...
's thirteen root nameservers, the authoritative registry for the , , and generic
top-level domain A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the root zone of the name space. For all domains in ...
s and the and
country-code top-level domain A country code top-level domain (ccTLD) is an Internet top-level domain generally used or reserved for a country, sovereign state, or dependent territory identified with a country code. All ASCII ccTLD identifiers are two letters long, and al ...
s, and the back-end systems for the , , and sponsored top-level domains. In 2010, Verisign sold its authentication business unit – which included
Secure Sockets Layer Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securi ...
(SSL) certificate,
public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facili ...
(PKI), Verisign Trust Seal, and Verisign Identity Protection (VIP) services – to
Symantec Symantec may refer to: *An American consumer software company now known as Gen Digital Inc. *A brand of enterprise security software purchased by Broadcom Inc. Broadcom Inc. is an American designer, developer, manufacturer and global supplier ...
for $1.28 billion. The deal capped a multi-year effort by Verisign to narrow its focus to its core infrastructure and security business units. Symantec later sold this unit to
DigiCert DigiCert, Inc. is an American digital security company headquartered in Lehi, Utah, with offices in Australia, Ireland, Japan, India, France, South Africa, Switzerland and United Kingdom. As a certificate authority (CA) and trusted third party, D ...
in 2017. On October 25, 2018, NeuStar, Inc. acquired VeriSign’s Security Service Customer Contracts. The acquisition effectively transferred Verisign Inc.’s Distributed Denial of Service (DDoS) protection, Managed DNS, DNS Firewall and fee-based Recursive DNS services customer contracts. Verisign's former
chief financial officer The chief financial officer (CFO) is an officer of a company or organization that is assigned the primary responsibility for managing the company's finances, including financial planning, management of financial risks, record-keeping, and fina ...
(CFO) Brian Robins announced in August 2010 that the company would move from its original location of Mountain View,
California California is a state in the Western United States, located along the Pacific Coast. With nearly 39.2million residents across a total area of approximately , it is the most populous U.S. state and the 3rd largest by area. It is also the m ...
, to Dulles in
Northern Virginia Northern Virginia, locally referred to as NOVA or NoVA, comprises several counties and independent cities in the Commonwealth of Virginia in the United States. It is a widespread region radiating westward and southward from Washington, D.C. Wit ...
by 2011 due to 95% of the company's business being on the East Coast. The company is incorporated in Delaware.


History

Verisign was founded in 1995 as a spin-off of the
RSA Security RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rive ...
certification services business. The new company received licenses to key cryptographic patents held by RSA (set to expire in 2000) and a time-limited non-compete agreement. The new company served as a
certificate authority In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. Thi ...
(CA) and its initial mission was "providing trust for the Internet and
Electronic Commerce E-commerce (electronic commerce) is the activity of electronically buying or selling of products on online services or over the Internet. E-commerce draws on technologies such as mobile commerce, electronic funds transfer, supply chain manage ...
through our Digital Authentication services and products". Prior to selling its certificate business to
Symantec Symantec may refer to: *An American consumer software company now known as Gen Digital Inc. *A brand of enterprise security software purchased by Broadcom Inc. Broadcom Inc. is an American designer, developer, manufacturer and global supplier ...
in 2010, Verisign had more than 3 million certificates in operation for everything from military to financial services and retail applications, making it the largest CA in the world. In 2000, Verisign acquired
Network Solutions Network Solutions, LLC is an American-based technology company and a subsidiary of Web.com, the 4th largest .com domain name registrar with over 6.7 million registrations as of August 2018. In addition to being a domain name registrar, Network S ...
, which operated the , and TLDs under agreements with the Internet Corporation for Assigned Names and Numbers (
ICANN The Internet Corporation for Assigned Names and Numbers (ICANN ) is an American multistakeholder group and nonprofit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces ...
) and the
United States Department of Commerce The United States Department of Commerce is an executive department of the U.S. federal government concerned with creating the conditions for economic growth and opportunity. Among its tasks are gathering economic and demographic data for bus ...
. Those core registry functions formed the basis for Verisign's naming division, which by then had become the company's largest and most significant business unit. In 2002, Verisign was charged with violation of the Securities Exchange Act. Verisign divested the Network Solutions retail (
domain name registrar A domain name registrar is a company that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) Domain name registry, registry or a country code top-level domain (ccTLD) ...
) business in 2003, retaining the
domain name registry A domain name registry is a database of all domain names and the associated registrant information in the top level domains of the Domain Name System (DNS) of the Internet that enables third party entities to request administrative control of a d ...
(wholesale) function as its core Internet addressing business. For the year ended December 31, 2010, Verisign reported revenue of $681 million, up 10% from $616 million in 2009. Verisign operates two businesses, Naming Services, which encompasses the operation of top-level domains and critical Internet infrastructure, and Network Intelligence and Availability (NIA) Services, which encompasses DDoS mitigation, managed DNS and threat intelligence. On August 9, 2010,
Symantec Symantec may refer to: *An American consumer software company now known as Gen Digital Inc. *A brand of enterprise security software purchased by Broadcom Inc. Broadcom Inc. is an American designer, developer, manufacturer and global supplier ...
completed its approximately $1.28 billion acquisition of Verisign's authentication business, including the Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the Verisign Trust Services, the Verisign Identity Protection (VIP) Authentication Service, and the majority stake in Verisign Japan. The deal capped a multi-year effort by Verisign to narrow its focus to its core infrastructure and security business units. Following ongoing controversies regarding Symantec's handling of certificate validation, which culminated in
Google Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...
untrusting Symantec-issued certificates in its
Chrome web browser Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS ...
, Symantec sold this unit to
DigiCert DigiCert, Inc. is an American digital security company headquartered in Lehi, Utah, with offices in Australia, Ireland, Japan, India, France, South Africa, Switzerland and United Kingdom. As a certificate authority (CA) and trusted third party, D ...
in 2017 for $950 Million. Verisign's share price tumbled in early 2014, hastened by the U.S. government's announcement that it would "relinquish oversight of the Internet's domain-naming system to a non-government entity". Ultimately ICANN chose to continue VeriSign's role as the root zone maintainer and the two entered into a new contract in 2016.


Naming services

Verisign's core business is its naming services division. The division operates the authoritative domain name registries for two of the Internet's most important top-level domains, and . It is also the contracted registry operator for the
.name The domain name is a generic top-level domain (gTLD) in the Domain Name System of the Internet. It is intended for use by individuals for representation of their personal name, nicknames, screen names, pseudonyms, or other types of identification ...
and
.gov The domain name gov is a sponsored top-level domain (sTLD) in the Domain Name System of the Internet. The name is derived from the word ''government'', indicating its restricted use by government entities. The TLD is administered by the Cyber ...
top-level domains as well as the country code top-level domains ( Cocos Islands) and (
Tuvalu Tuvalu ( or ; formerly known as the Ellice Islands) is an island country and microstate in the Polynesian subregion of Oceania in the Pacific Ocean. Its islands are situated about midway between Hawaii and Australia. They lie east-northea ...
). In addition, Verisign is the primary technical subcontractor for the , and top-level domains for their respective registry operators, which are non-profit organizations; in this role Verisign maintains the
zone file A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP add ...
s for these particular domains and hosts the domains from their domain servers. Registry operators are the "wholesalers" of Internet domain names, while
domain name registrar A domain name registrar is a company that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) Domain name registry, registry or a country code top-level domain (ccTLD) ...
s act as the “retailers”, working directly with consumers to register a domain name address. Verisign also operates two of the Internet's thirteen " root servers" which are identified by the letters A-M (Verisign operates the “A” and “J” root servers). The root servers form the top of the hierarchical
Domain Name System The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned t ...
that supports most modern Internet communication. Verisign also generates the globally recognized
root zone file A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers fo ...
and is also responsible for processing changes to that file once they are ordered by
ICANN The Internet Corporation for Assigned Names and Numbers (ICANN ) is an American multistakeholder group and nonprofit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces ...
via
IANA The Internet Assigned Numbers Authority (IANA) is a standards organization that oversees global IP address allocation, autonomous system number allocation, root zone management in the Domain Name System (DNS), media types, and other Interne ...
and approved by the U.S. Department of Commerce. Changes to the root zone were originally distributed via the A root server, but now they are distributed to all thirteen servers via a separate distribution system which Verisign maintains. Verisign is the only one of the 12 root server operators to operate more than one of the thirteen
root nameservers A root name server is a name server for the root zone of the Domain Name System (DNS) of the Internet. It directly answers requests for records in the root zone and answers other requests by returning a list of the authoritative name servers fo ...
. The A and J root servers are " anycasted” and are no longer operated from any of the company's own datacenters as a means to increase redundancy and availability and mitigate the threat of a
single point of failure A single point of failure (SPOF) is a part of a system that, if it fails, will stop the entire system from working. SPOFs are undesirable in any system with a goal of high availability or reliability, be it a business practice, software ap ...
. In 2016, the Department of Commerce ended its role in managing the Internet's DNS and transferred full control to ICANN. While this initially negatively impacted VeriSign's stock, ICANN eventually chose to contract with Verisign to continue its role as the root zone maintainer. VeriSign's naming services division dates back to 1993 when Network Solutions was awarded a contract by the
National Science Foundation The National Science Foundation (NSF) is an independent agency of the United States government that supports fundamental research and education in all the non-medical fields of science and engineering. Its medical counterpart is the National ...
to manage and operate the civilian side of the Internet's domain name registrations. Network Solutions was the sole registrar for all of the Internet's non-governmental generic top-level domains until 1998 when ICANN was established and the new system of competitive registrars was implemented. As a result of these new policies, Network Solutions divided itself into two divisions. The NSI Registry division was established to manage the authoritative registries that the company would still operate, and was separated from the customer-facing registrar business that would have to compete with other registrars. The divisions were even geographically split with the NSI Registry moving from the corporate headquarters in Herndon, Virginia, to nearby Dulles, Virginia. In 2000, VeriSign purchased Network Solutions taking over its role in the Internet's DNS. The NSI Registry division eventually became VeriSign's naming services division while the remainder of Network Solutions was later sold by Verisign in 2003 to Pivotal Equity Group.


Company properties

Following the sale of its authentication services division in 2010, Verisign relocated from its former headquarters in Mountain View, California, to the headquarters of the naming division in
Sterling, Virginia Sterling, Virginia, refers most specifically to a census-designated place (CDP) in Loudoun County, Virginia, United States. The population of the CDP as of the 2010 United States Census was 27,822. The CDP boundaries are confined to a relatively ...
(originally NSI Registry's headquarters). Verisign began shopping that year for a new permanent home shortly after moving. They signed a lease for 12061 Bluemont Way in Reston, the former Sallie Mae headquarters, in 2010 and decided to purchase the building in September 2011. They have since terminated their lease of their current space in two buildings at Lakeside@Loudoun Technology Center. The company completed its move at the end of November 2011. The new headquarters is located in the Reston Town Center development which has become a major commercial and business hub for the region. In addition to its Reston headquarters, Verisign owns three data center properties. One at 22340 Dresden Street in Dulles, Virginia not far from its corporate headquarters (within the large Broad Run Technology Park), one at 21 Boulden Circle in New Castle, Delaware, and a third in Fribourg, Switzerland. Their three data centers are mirrored so that a disaster at one data center has a minimal impact on operations. Verisign also leases an office suite in downtown Washington, D.C., on K street where its government relations office is located. It also has leased server space in numerous internet data centers around the world where the DNS constellation resolution sites are located, mostly at major internet peering facilities. One such facility is at the Equinix Ashburn Datacenter in
Ashburn, Virginia Ashburn is a census-designated place (CDP) in Loudoun County, Virginia, United States. At the 2010 United States Census, its population was 43,511, up from 3,393 twenty years earlier. It is northwest of Washington, D.C., and part of the Washi ...
, one of the world's largest datacenters and internet transit hubs.


Controversies


2001: Code signing certificate mistake

In January 2001, Verisign mistakenly issued two Class 3
code signing Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process employs the use of a cryptographic hash to v ...
certificates to an individual claiming to be an employee of
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washi ...
. The mistake was not discovered and the certificates were not revoked until two weeks later during a routine audit. Because Verisign code-signing certificates do not specify a Certificate Revocation List Distribution Point, there was no way for them to be automatically detected as having been revoked, placing Microsoft's customers at risk. Microsoft had to later release a special security patch in order to revoke the certificates and mark them as being fraudulent.


2002: Domain transfer law suit

In 2002, Verisign was sued for domain slamming – transferring domains from other registrars to themselves by making the registrants believe they were merely renewing their domain name. Although they were found not to have broken the law, they were barred from suggesting that a domain was about to expire or claim that a transfer was actually a renewal.


2003: Site Finder legal case

In September 2003, Verisign introduced a service called Site Finder, which redirected Web browsers to a search service when users attempted to go to non-existent or domain names.
ICANN The Internet Corporation for Assigned Names and Numbers (ICANN ) is an American multistakeholder group and nonprofit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces ...
asserted that Verisign had overstepped the terms of its contract with the U.S. Department of Commerce, which in essence grants Verisign the right to operate the DNS for and , and Verisign shut down the service. Subsequently, Verisign filed a lawsuit against ICANN in February 2004, seeking to gain clarity over what services it could offer in the context of its contract with ICANN. The claim was moved from federal to California state court in August 2004. In late 2005, Verisign and ICANN announced a proposed settlement which defined a process for the introduction of new registry services in the registry. The documents concerning these settlements are available at ICANN.org. The ICANN comments mailing list archive documents some of the criticisms that have been raised regarding the settlement. Additionally, Verisign was involved in the matter decided by the
Ninth Circuit The United States Court of Appeals for the Ninth Circuit (in case citations, 9th Cir.) is the U.S. federal court of appeals that has appellate jurisdiction over the U.S. district courts in the following federal judicial districts: * District ...
.


2003: Gives up domain

In keeping with ICANN's charter to introduce competition to the domain name marketplace, Verisign agreed to give up its operation of top-level domain in 2003 in exchange for a continuation of its contract to operate , which, at the time had more than 34 million registered addresses.


2005: Retains domain

In mid-2005, the existing contract for the operation of expired and five companies, including Verisign, bid for management of it. Verisign enlisted numerous IT and telecom heavyweights including Microsoft, IBM, Sun Microsystems, MCI, and others, to assert that Verisign had a perfect record operating . They proposed Verisign continue to manage the DNS due to its critical importance as the domain underlying numerous "backbone" network services. Verisign was also aided by the fact that several of the other bidders were based outside the United States, which raised concerns in national security circles. On June 8, 2005, ICANN announced that Verisign had been approved to operate until 2011. More information on the bidding process is available at
ICANN The Internet Corporation for Assigned Names and Numbers (ICANN ) is an American multistakeholder group and nonprofit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces ...
. On July 1, 2011, ICANN announced that VeriSign's approval to operate .net was extended another six years, until 2017.


2010: Data breach and disclosure controversy

In February 2012, Verisign revealed that their network security had been repeatedly breached in 2010. Verisign stated that the breach did not impact the
Domain Name System The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned t ...
(DNS) that they maintain, but would not provide details about the loss of data. Verisign was widely criticized for not disclosing the breach earlier and apparently attempting to hide the news in an October 2011 SEC filing. Because of the lack of details provided by Verisign, it was not clear whether the breach impacted the certificate signing business, acquired by Symantec in late 2010. Some, such as Oliver Lavery, the Director of Security and Research for nCircle, doubted whether sites using Verisign SSL certificates could be trusted.


2010: Web site domain seizures

On November 29, 2010, the
U.S. Immigration and Customs Enforcement The U.S. Immigration and Customs Enforcement (ICE) is a federal law enforcement agency under the U.S. Department of Homeland Security. ICE's stated mission is to protect the United States from the cross-border crime and illegal immigration tha ...
(U.S. ICE) issued seizure orders against 82 web sites with Internet addresses that were reported to be involved in the illegal sale and distribution of counterfeit goods. As registry operator for , Verisign performed the required takedowns of the 82 sites under order from law enforcement. ''InformationWeek'' reported that "Verisign will say only that it received sealed court orders directing certain actions to be taken with respect to specific domain names". The removal of the 82 websites was cited as an impetus for the launch of "the Dot-P2P Project" in order to create a decentralized DNS service without centralized registry operators. Following the disappearance of
WikiLeaks WikiLeaks () is an international non-profit organisation that published news leaks and classified media provided by anonymous sources. Julian Assange, an Australian Internet activist, is generally described as its founder and director and ...
during the following week and its forced move to wikileaks.ch, a Swiss domain, the
Electronic Frontier Foundation The Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed on 10 July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet ...
warned of the dangers of having key pieces of Internet infrastructure such as DNS name translation under corporate control.


2012: Web site domain seizure

In March 2012, the U.S. government declared that it has the right to seize domains ending in , , , , , and if the companies administering the domains are based in the U.S. The U.S. government can seize the domains ending in , , , , and by serving a court-order on Verisign, which manages those domains. The domain is managed by the
Virginia Virginia, officially the Commonwealth of Virginia, is a state in the Mid-Atlantic and Southeastern regions of the United States, between the Atlantic Coast and the Appalachian Mountains. The geography and climate of the Commonwealth are ...
-based non-profit Public Interest Registry. In March 2012, Verisign shut down the sports-betting site Bodog.com after receiving a court order, even though the domain name was registered to a Canadian company.


References


External links

*
Digicert SSL Certificates - formerly from Verisign

Oral history interview with James Bidzos
Charles Babbage Institute The IT History Society (ITHS) is an organization that supports the history and scholarship of information technology by encouraging, fostering, and facilitating archival and historical research. Formerly known as the Charles Babbage Foundation, ...
University of Minnesota, Minneapolis. Bidzos discusses his leadership of software security firm
RSA Data Security RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, ...
as it sought to commercialize encryption technology as well as his role in creating the RSA Conference and founding Verisign. Oral history interview 2004, Mill Valley, California. {{Authority control Internet technology companies of the United States American companies established in 1995 Domain Name System Computer companies established in 1995 Companies based in Reston, Virginia Companies listed on the Nasdaq Former certificate authorities Radio-frequency identification Domain name registries 1995 establishments in Virginia DDoS mitigation companies 1998 initial public offerings Corporate spin-offs