Categories
Domain Name System Security Extensions (DNSSEC)

Rough Guide To ICANN 51: DNSSEC And The Root KSK Rollover

How do we increase the security of the Domain Name System (DNS)? How can we expand the usage of DNS Security Extensions (DNSSEC) and use it to create a higher level of trust on the Internet? How do we make the Internet more secure?

Most of us probably don’t think all that much about DNS but yet we use it for almost every interaction we have on the Internet. Whether we are reading the latest news, buying something online, sending email to a friend or joining into whatever the latest social network is, domain names are the tool we use to connect to sites without having to remember long numerical IP addresses. We just expect it to work and take it for granted.

There is, however, a whole community of people out there who are deeply concerned about ensuring that DNS “just works” for everyone and provides the correct answers. Coming from network operators, vendors, enterprises, governments, universities and other organizations, many of those people will be present at the ICANN 51 meeting next week in Los Angeles for a series of deeply technical meetings focused around the operations, security, stability and reliability of DNS. Many of these meetings will take place under the auspices of ICANN’s Security and Stability Advisory Committee (SSAC) although they will occur in other groups as well.

From an Internet Society technology point of view, our primary focus will be on continued efforts to accelerate the deployment of DNSSEC. This is one of the primary topics of our Deploy360 Programme and has been an area in which I have personally focused. I wrote a detailed description of the DNSSEC activities at ICANN 51 for those interested, but here are the key points:

DNSSEC For Everybody: A Beginner’s Guide On Monday, October 13, we will have an introductory session from 17:00-18:30 PDT where we will introduce the basics of DNS and DNSSEC in a light-hearted and fun way. It’s a good place to learn the basics and it will be streamed live for those who are remote.

DNSSEC Workshop – On Wednesday, October 15, will be the largest session about DNSSEC. In this 6+ hour session from 8:30-14:45 PDT we have a great range of technical speakers covering these topics:

  • DNSSEC Activities in North America
  • Impact of Root Key Rollover
  • DNSSEC Deployment in Operating Systems
  • DNS/DNSSEC Monitoring
  • DANE and Email Services

It should be an excellent session with great technical conversations. It will be available remotely and all the relevant links and slides can be found at http://la51.icann.org/en/schedule/wed-dnssec

DNSSEC Root KSK Rollover Workshop – On Thursday, October 16, ICANN will be holding a public workshop about the potential impact of changing the Root Key Signing Key (KSK) that is at the heart of the DNSSEC “global chain of trust”. I published links to background information that provide some context for this discussion. It’s quite an important one and, like the others, will be available for people who are remote.

It will be a very busy week on the technology front as there is also a meeting of the DNS-OARC organization over the weekend and a very busy Tech Day on Monday. Again, more details can be found in my Deploy360 article on this topic.

If you will be out at ICANN 51 and interested in speaking with me more about these topics, please do find me in one of the DNSSEC sessions or contact me via email to arrange a time to meet. See you in L.A.!