VeriSign is in many ways synonymous with managing the Web, thanks to its handling of key DNS root servers and of name resolution for .com, .net, and other domains. In recent years, it's had both strong ups and strong downs.

On the up side, VeriSign has aggressively pushed PKI, SSL/TLS, EV, and digital certificates, making these authenticated security approaches commonplace. And VeriSign has spent millions of dollars building out and protecting the Internet's massive DNS infrastructure, even though its contract with the DNS's governing body required that VeriSign spend just a fraction of that amount. Although VeriSign's extra investment was a business decision meant to keep its lead as DNS infrastructure manager, the result for Internet users is still a better DNS infrastructure than was required.

On the downside, in the 2005-2007 period, the company angered many users by adding new services to the Internet, such as domain waitlisting, and by raising registration fees. It garnered significant ill will when its Network Solutions domain registration unit (later sold) began redirecting misspelled URLs to ads, causing an uproar among users. When VeriSign met resistance over such actions from ICANN, the global steward of Web domains, it sued the organization. Although that suit was resolved after VeriSign agreed to new ICANN procedures, users and elected officials remained nervous about VeriSign's potential actions. In 2007, the company ran afoul of federal regulators, resulting in its CFO's resignation and a restatement of earnings.

During this same period of ups and downs, VeriSign entered several new lines of business, such as Wi-Fi roaming services, RFID contract resolution (to translate an RFID tag's electronic number to a product's common name), and one-time-use security credentials. More recently, VeriSign has been part of a consortium promoting the OpenID federated certificate standard.

Today, VeriSign is refocused on its Internet roots, after having dropped some of its new ventures, to focus on DNS management. The company processes about 48 billion name resolution requests per day across 60 different locations, peaking at 700,000 queries a second. It is a major provider of PKI technologies and services, including digital certificate products, managed security services, and IT consulting services.

InfoWorld interviewed CTO Ken Silva on the company's current and past challenges. Silva manages VeriSign's technical operations, which handle much of the world's DNS traffic and cryptographically protect millions of Web sites. Before joining VeriSign, Silva spent 10 years with the National Security Agency (NSA). Roger asked about VeriSign's current status and future plans. Here are some excerpts from that interview:

Q: In the first part of this decade, the global DNS infrastructure came under a few big denial-of-service attacks that caused service disruptions, but in the last few years, we haven't seen any significant service outages. How well have we done in making DNS resistant to