DNSSEC is a signed-domain security process ICANN has been studying. It's expensive and costs would probably eventually be passed down to the user community and registrants but if widely implemented it could go a long way toward improving security and stability (in my opinion)
The expense is mostly in software upgrades, not something that I think is an overwhelming cost. If you've followed the recent news about DNS security holes, they're real, and DNSSEC appears to be the most practical countermeasure. DNSSEC works by having a chain of signatures, from zone to zone, ideally starting at the root but for now starting at a TLD. A few ccTLD zones are currently signing with DNSSEC, I think Brazil and Sweden. More relevantly, .ORG plans to start using DNSSEC within the next year. Registrants who sign their own 2nd level domains need to pass their keys to the registry so the registry can include the necessary links in the TLD zone. Since the registrar is the only path from the registrant to the registry, this means that registrars have to support DNSSEC. I gather that it's not that big a deal, basically a few more fields in the data they collect fromt the registrant and provide to the registry. So we really do mean that that registrars should support DNSSEC. R's, John PS: They should support the redemption period, too, with price caps, but that's a separate issue.