Comcast has announced it will contribute $15,000 to an NLnet Foundation grant program designed to help open-source developers add DNSSEC features to their applications, in an effort to “help fund some developers to start working on DNSSEC-aware applications, and motivate others to do the same.”

NLnet describes the vision behind the fund this way:

Of course it is already a big win that the chain can henceforth be trusted up to the point where providers relay the answer to the client. But this is not good enough for perfectly normal use such as using a (potentially hostile) public wifi hotspot: for end users to fully benefit from DNSSEC in such cases, the software on the end user side should be able to validate DNSSEC signatures as well – especially on sensitive data like digital security keys and certificates. Most (but not all) applications depend on higher level services to handle DNS, which means that these service stacks need to be updated in all operating systems. Specific client software using their own built-in DNS services, like realtime communication software (e.g. SIP, XMPP), messaging servers and browsers, also will need to be adapted.

Comcast’s executive director for Internet systems, Jason Livingood, noted:

As Comcast and other ISPs implement DNSSEC, and domain owners start to cryptographically sign their domains, we can see a point in the near future where applications may start to show end users some indication that a domain has been secured with DNSSEC. This may be much like a web browser shows a special lock icon when a user visits a website secured with SSL.

Go here for more information or to apply for a grant.