Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events Improving Technical Security IPv6 Mutually Agreed Norms for Routing Security (MANRS)

IPv6, DNSSEC, Security and More at ION Malta

The Deploy360 team is back from ION Malta, which took place on 18 September alongside an ICANN DNSSEC Training Workshop. We again thank our sponsor Afilias for making this possible, and are now working toward our final ION Conference of the year, ION Belgrade in November. All the presentations from ION Malta are available online.

I opened the event with an introduction to Deploy360 and an invitation for everyone to get involved with the Internet Society’s 25th anniversary the next day. We also heard from Jasper Schellekens, the president of the ISOC Malta Chapter about their activities and how to get more involved. They have a small but mighty presence in Malta and are looking forward to getting more members and increasing their activity.

Next, Nathalie Trenaman from RIPE NCC gave a fascinating presentation on the status of IPv6 in Malta. Unfortunately, IPv6 penetration in Malta is extremely low, but ISPs are transferring IPv4 address space around and, interestingly, have purchased over 30,000 IPv4 addresses from Romania. She encouraged ISPs to begin moving to IPv6 now, as RIPE NCC estimates that full transition takes about 2.5 years to complete.

Next up, Klaus Nieminen from the Finnish Communications Regulatory Authority (FICORA) gave a short case study on the Finnish IPv6 Launch and how the regulator encouraged ISPs across Finland to deploy IPv6. They published a detailed recommendation to all ISPs to deploy IPv6, which included recommendations on prefix sizes, security, CPE support, and more. All three of Finland’s top ISPs, and several content and service providers participated, enabling more than 5 million people across Finland and raising its IPv6 penetration from 0.4% to over 7% (and growing!). Klaus finished his talk by explaining some of the challenges they faced, how they overcame them, and some of the lessons they learned along the way.

We then switched gears to talk about routing security. Kevin Meynell and Marco d’Itri from seeweb talked about the Mutually Agreed Norms for Routing Security (MANRS) and what that means for operators. Kevin presented an overview of MANRS, which encourages network operators to implement four minimal actions including filtering, anti-spoofing, coordination and address prefix validation. A new MANRS implementation guide is also available to help operators comply, providing step-by-step instructions with a set of online training modules coming soon. Marco followed up that introduction with specific examples of why seeweb decided to join the MANRS initiative, explaining how each action is good for the Internet as a whole but also has real-world consequences if they are not implemented.

Richard Lamb from ICANN then gave an introduction to DNSSEC, with an audience participation demonstration on how the DNS chain of trust works, and how DNSSEC makes sure you’re getting the information you think you’re getting while online. He talked about the growing support for DNSSEC and how many ccTLDs and gTLDs are signed, nothing that unfortunately only 3% of 2nd level domains are signed so far.

Kevin Meynell then discussed what’s going on at the IETF and how to get involved. He pointed out low attendance from Malta and pointed to the Internet Society’s IETF Technical Fellows and Policy Guest programs to encourage participation. He also explained some of the working groups and current drafts in key areas and answered questions from the audience about where to start (hint: join a mailing list and dig in!).

Slightly outside our usual Deploy360 lane, Adam Peake from ICANN gave a talk on the recent IANA Transition. Completed in October 2016, it created strengthened relationships between the IETF, Regional Internet Registries, and ccTLD and gTLD operators and TLD community, and ICANN. A new organization, Public Technical Identifiers (PTI), an affiliate of ICANN, is now responsible for performing the IANA functions and delivering the IANA Services on behalf of ICANN. Adam discussed these new arrangements and how they have enhanced ICANN’s accountability and transparency to the global Internet community. Finally, Adam described how ICANN is preparing for the Root KSK Rollover.

We then moved onto DANE, with Richard Lamb describing how certificates work and how to use DNS-Based Authentication of Named Entities (DANE) to securely specify which certificate an application should use. DANE has immense potential to make the Internet much more secure by marrying the strong integrity protection of DNSSEC with the confidentiality of SSL/TLS certificates.

Finally, we had an “IPv6 Success Stories” panel with Clara Scerri Delia from MCA moderating, and panelists Marco d’Itri, Bernard Mallia, and Klaus Nieminen. It was an interesting panel with Marco and Klaus playing the pro-IPv6 roles and Bernard playing the business angle, asking “What’s in it for me?” It became a truly interactive panel, including multiple comments and questions from the audience.

We would like to thank MITA for hosting and supporting this ION. Thanks also to the speakers and everyone else who contributed towards making the event a successful and productive one. The proceedings are available here, and if you’re inspired by what you see and read, please check out our Start Here page to understand how you can get started with these technologies.