Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events To archive

Watch Live TODAY The DNSSEC Deployment Workshop At ICANN 48

icann48As mentioned previously, there is an excellent “DNSSEC Workshop” happening TODAY, November 20, 2013, at the ICANN 48 meeting in Buenos Aires, Argentina. The agenda, slides, and links for remote participation can be found at:

http://buenosaires48.icann.org/en/schedule/wed-dnssec

Both and audio and video live stream will be available. The workshop begins today at 9:45 am local time in Argentina, which is 12:45 UTC and 7:45 am US Eastern.

UPDATE: THE WORKSHOP BEGINS AT *8:30am* LOCAL TIME. Or 11:30 UTC / 6:30am US Eastern.

This technical workshop at ICANN meetings continues to be one of the best gatherings of the DNSSEC community and the sessions here again look to be extremely useful and educational. Today’s sessions include:

  • DNSSEC Deployment Statistics
  • DNSSEC Activities in Latin America
  • DNSSEC For The Enterprise
  • Guidance For Registrars in Supporting DNSSEC
  • DNSSEC Root Key Rollover
  • Automated Update of DNSSEC Information
  • Operational Realities of Running DNSSEC
  • DNSSEC Innovation: DANE Tools and Ideas

The sessions will be recorded if you are unable to watch live, but in watching live you’ll also have a chance to ask questions.

We’re looking forward to a great session today and we’ll be discussing more of what happened there in this blog in the days and weeks ahead.

 

Categories
Growing the Internet Internet Governance

ISOC members @ ICANN 48: challenges on Internet Governance

The Internet Society held its usual ISOC@ICANN meeting yesterday and I had the pleasure of welcoming the 100th Chapter: Paraguay.

We had an interesting discussion on the challenges ahead in the rapidly evolving Internet governance landscape. Our CEO and President, Lynn St. Amour gave an update on what happened since the Montevideo I* meeting. Her presentation is available here.

The high level notes to take away from the meeting are:

  • ISOC should be bold and proactive
  • Regional priorities differ and must be addressed
  • ISOC communities are eager to work together and will so long as the resources, leadership and collaborative opportunities are ther
  • /1Net is confusing and potentially more distracting than helpful. Brazil meeting may be useful but IGF has legitimacy and lineage. Should be strengthened
  • Engage governments directly through chapters and help position them as go-to Internet experts
  • Develop more with Organizational members and Universities around the world
  • Think and act creatively. Become adept at crowd-sourcing; market virally

Check out the full recorded session:

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events To archive

DNSSEC Deployment Workshop On Wednesday At ICANN 48 – Live stream available

icann48Interested in learning the current status of DNSSEC deployment?  Want to hear case studies from people who have deployed DNSSEC?  Would you like to know about some of the latest DNSSEC tools and services?  And what the role is of the DANE protocol?  All that and more will be discussed this Wednesday, November 20, 2013, at the “DNSSEC Workshop” at the ICANN 48 meeting in Buenos Aires, Argentina.  The agenda, slides, and links for remote participation can be found at:

http://buenosaires48.icann.org/en/schedule/wed-dnssec

Both and audio and video live stream will be available.  The workshop begins at 9:45 am local time in Argentina, which is 12:45 UTC and 7:45 am US Eastern.

UPDATE: The workshop begins at 8:30am local time, which is 11:30am UTC and 6:30am US Eastern.

This technical workshop at ICANN meetings continues to be one of the best gatherings of the DNSSEC community and the sessions here again look to be extremely useful and educational.  They include:

  • DNSSEC Deployment Statistics
  • DNSSEC Activities in Latin America
  • DNSSEC For The Enterprise
  • Guidance For Registrars in Supporting DNSSEC
  • DNSSEC Root Key Rollover
  • Automated Update of DNSSEC Information
  • Operational Realities of Running DNSSEC
  • DNSSEC Innovation: DANE Tools and Ideas

The last of these sessions on DANE will be one where I will be speaking.

The sessions will be recorded if you are unable to watch live… but if you do get a chance to watch live you’ll also be able to ask questions through the web interface.  As I mentioned, the slides for the session are all available at that URL above if you’d like to get a head start on seeing what will be discussed.

Do check it out… and get started today with using DNSSEC to make the Internet more secure!

 

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events To archive Tutorials

Watch/Listen Live TODAY to “DNSSEC For Everybody – A Beginner's Guide” at ICANN 48

icann48Want to quickly learn about DNSSEC and how it can make the Internet more secure?  Want to see an easy illustration of how DNSSEC works? Want to understand why DNSSEC is so important to strengthen the Internet against attackers? If so, tune in TODAY at 5:00 pm / 17:00  Buenos Aires time ( 20:00 UTC, 3:00 pm US Eastern) for the “DNSSEC For Everybody – A Beginner’s Guide” session where a group of people involved with DNSSEC will answer all these questions and more.  Information is at:

http://buenosaires48.icann.org/en/schedule/mon-dnssec-everybody

There are audio streams available in 7 languages and a “Virtual Meeting Room Stream Live” that will get you video and the slides.  The slides and session notes are also available at the bottom of that web page.

The overview of the session is:

DNSSEC continues to be deployed around the world at an ever accelerating pace. From the Root, to both Generic Top Level Domains (gTLDs) and Country Code Top Level Domains (ccTLDs), the push is on to deploy DNSSEC to every corner of the internet. Businesses and ISPs are building their deployment plans too and interesting opportunities are opening up for all as the rollout continues. Worried that you’re getting left behind? Don’t really understand DNSSEC? Then why not come along to the second ‘DNSSEC for Beginners’ session where we hope to demystify DNSSEC and show how you can easily and quickly deploy DNSSEC into your business. Come and find out how it all works, what tools you can use to help and meet the community that can help you plan and implement DNSSEC.

These are great sessions and usually I am participating but this week my travel schedule won’t get me to ICANN 48 until tomorrow. (Warren Kumari thankfully was able to cover my usual role.)  You don’t need any knowledge of DNSSEC to participate and it talks about DNSSEC in a fun and interesting way.  (And yes, there’s actually a skit involved! )

Look for the blue smoke… 🙂

P.S. If you can’t watch live, the session will be recorded and available later at that same URL for viewing.

 

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events To archive

4 More Days To Submit Speaking Ideas For DNSSEC Workshop At ICANN 48

icann48Will you be attending the ICANN 48 meeting in Buenos Aires, Argentina, in November 2013? If so, you have four more days to submit a speaking proposal for the DNSSEC Workshop planned for Wednesday, November 20, 2013.  I wrote about the call for speakers earlier but since that time the program committee decided to extend the proposal deadline to this Friday, September 20, 2013.  (We received feedback that people were still returning from summer holidays and our original deadline was too close to that.

We have a great line up of speakers so far, including some excellent folks to give us updates on DNSSEC in Latin America, but we still have room for a few more proposals.  The Call For Participation is included again below, along with the email address to which to send your ideas.

Thanks – and we’ll see you in Buenos Aires!


The DNSSEC Workshop program committee, of which I am a member, is seeking speakers for sessions on:

  • DNSSEC activities in Latin America
  • The operational realities of running DNSSEC
  • DNSSEC and enterprise activities
  • When unexpected events occur
  • Preparing for root key rollover
  • DANE and other DNSSEC applications
  • DNSSEC automation
  • Guidance for registrars in implementing DNSSEC
  • APIs between registrars and DNS hosting operators

In this session, we are particularly interested in hearing from people who have found (or developed) solutions for automating their implementation of DNSSEC. We are also very interested in hearing from registrars given that the 2013 Registrar Accreditation Agreement (RAA) with ICANN will require ICANN-accredited registrars to at the very least support the acceptance of DNSSEC records from registrants.

The full “Call for Participation” is below that provides more details. If you have an idea for a presentation, please send a brief 1 or 2 sentence description to dnssec-buenosaires@shinkuro.com which will reach the whole program committee. (Please send email rather than leave a comment here.)

We already have some solid speakers who have indicated their interest and so we’re very much looking forward to another excellent session. I’ll also note that the ICANN meetings are free to attend – you have to register but there is no cost. You just have to pay for your travel and expenses to get to Buenos Aires. The DNSSEC Workshop will also be streamed live over the Internet for those wishing to watch/listen and will be archived for later viewing.

These workshops are really excellent technical sessions. I would encourage you to attend if at all possible and I would definitely encourage you to submit a proposal to speak. We’re always interested in hearing new perspectives.


Call for Participation — ICANN DNSSEC Workshop 20 November 2013

The DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), is planning a DNSSEC Workshop at the ICANN meeting in Buenos Aires, Argentina on 20 November 2013. The DNSSEC Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments. For reference, the most recent session was held at the ICANN meeting in Durban, South Africa on 17 July 2013. The presentations and transcripts are available at: http://durban47.icann.org/node/39749.

We are seeking presentations on the following topics:

1. DNSSEC Activities in Latin America:
For this panel we are seeking participation from those who have been involved in DNSSEC deployment in Latin America, but also from those who have not deployed DNSSEC but who have a keen interest in the challenges and benefits of deployment. In particular, we will consider the following questions: What can DNSSEC do for you? What doesn’t it do? What are the internal tradeoffs to implement DNSSEC or not?

2. The Operational Realities of Running DNSSEC
Now that DNSSEC has become an operational norm for many registries, registrars, and ISPs, what have we learned about how we manage DNSSEC? What’s best practice around key rollovers? How often do you review your disaster recovery procedures? Is there operational familiarity within your customer support teams? What operational statistics have we gathered about DNSSEC? Are there experiences being documented in the form of best practices, or something similar, for transfer of signed zones?

3. DNSSEC and Enterprise Activities
DNSSEC has always been seen as a huge benefit to organizations looking to protect their identity and security on the Web. Large enterprises are an obvious target for DNS hackers and DNSSEC provides an ideal solution to this challenge. This session aims to look at the benefits and challenges of deploying DNSSEC for major enterprises. Topics for discussion:
* What is the current status of DNSSEC deployment among enterprises?
* What plans do the major enterprises have for their DNSSEC roadmaps?
* What are the benefits to enterprises of rolling out DNSSEC validation? And how do they do so?
* What are the challenges to deployment for these organizations? Do they foresee raising awareness of DNSSEC with their customers?

4. When Unexpected DNSSEC Events Occur
What have we learned from some of the operational outages that we have seen over the past 18 months? Are there lessons that we can pass on to those just about to implement DNSSEC? How do you manage dissemination of information about the outage? What have you learned about communications planning? Do you have a route to ISPs and registrars? How do you liaise with your CERT community?

5. Preparing for Root Key Rollover
For this topic we are seeking input on issues relating to root key rollover. In particular, we are seeking comments from vendors, ISPs, and the community that will be affected by distribution of new root keys.

6. DANE and Other DNSSEC Applications
The DNS-based Authentication of Named Entitites (DANE) protocol is an exciting development where DNSSEC can be used to provide a strong additional trust layer for traditional SSL/TLS certificates. There is strong interest for DANE usage within web transactions as well as for securing email and Voice-over-IP (VoIP). We are seeking presentations on topics such as:
* What are some of the new and innovative uses of DANE in new areas or industries?
* What tools and services are now available that can support DANE usage?
* How soon could DANE become a deployable reality?
* How can the industry used DANE as a mechanism for creating a more secure Internet?

7. DNSSEC Automation:
For DNSSEC to reach massive deployment levels it is clear that a higher level of automation is required than is currently available. Topics for which we would like to see presentations include:
* What tools, systems and services are available to help automate DNSSEC key management?
* Can you provide an analysis of current tools/services and identify gaps?
* Where in the various pieces that make up DNSSEC signing and validation are the best opportunities for automation?
* What are the costs and benefits of different approaches to automation?

8. Guidance for Registrars in Supporting DNSSEC:
The 2013 Registrar Accreditation Agreement (RAA) for Registrars and Resellers requires the support of DNSSEC beginning on January 1, 2014. We are seeking presentations discussing:
* What are the specific technical requirements of the RAA and how can registrars meet those requirements?
* What tools and systems are available for registrars that include DNSSEC support?
* What information do registrars need to provide to resellers and ultimately customers?

We are particularly interested in hearing from registrars who have signed the 2013 RAA and have either already implemented DNSSEC support or have a plan for doing so.

9. APIs Between the Registrars and DNS Hosting Operators:
One specific area that has been identified as needing focus is the communication between registrars and DNS hosting operators, specifically when these functions are provided by different entities. Right now the communication, such as the transfer of a DS record, occurs primarily by way of the domain name holder copying and pasting information from one web interface to another. How can this be automated? We would welcome presentations by either registrars or DNS hosting operators who have implemented APIs for the communication of DNSSEC information – or from people with ideas around how such APIs could be constructed.

In addition, we welcome suggestions for additional topics.

If you are interested in participating, please send a brief (1-2 sentence)
description of your proposed presentation to dnssec-buenosaires@shinkuro.com by **Friday, 06 September 2013**

We hope that you can join us.

Thank you,

Julie Hedlund

On behalf of the DNSSEC Workshop Program Committee:
Steve Crocker, Shinkuro
Mark Elkins, DNS/ZACR
Cath Goulding, Nominet UK
Jean Robert Hountomey, AfricaCERT
Jacques Latour, .CA
Xiaodong Lee, CNNIC
Russ Mundy, Sparta/Parsons
Ondřej Surý, CZ.NIC
Lance Wolak, .ORG, The Public Interest Registry
Yoshiro Yoneya, JPRS
Dan York, Internet Society

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Events To archive

Call for Speakers For DNSSEC Workshop at ICANN 48 in Buenos Aires

icann48Will you be attending the ICANN 48 meeting in Buenos Aires, Argentina, in November 2013?  If so, are you interested in speaking about DNSSEC at the DNSSEC Workshop planned for Wednesday, November 20, 2013?

The DNSSEC Workshop program committee, of which I am a member, is seeking speakers for sessions on:

  • DNSSEC activities in Latin America
  • The operational realities of running DNSSEC
  • DNSSEC and enterprise activities
  • When unexpected events occur
  • Preparing for root key rollover
  • DANE and other DNSSEC applications
  • DNSSEC automation
  • Guidance for registrars in implementing DNSSEC
  • APIs between registrars and DNS hosting operators

In this session, we are particularly interested in hearing from people who have found (or developed) solutions for automating their implementation of DNSSEC.  We are also very interested in hearing from registrars given that the 2013 Registrar Accreditation Agreement (RAA) with ICANN will require ICANN-accredited registrars to at the very least support the acceptance of DNSSEC records from registrants.

The full “Call for Participation” is below that provides more details.  If you have an idea for a presentation, please send a brief 1 or 2 sentence description to dnssec-buenosaires@shinkuro.com which will reach the whole program committee. (Please send email rather than leave a comment here.)

We already have some solid speakers who have indicated their interest and so we’re very much looking forward to another excellent session.  I’ll also note that the ICANN meetings are free to attend – you have to register but there is no cost. You just have to pay for your travel and expenses to get to Buenos Aires.   The DNSSEC Workshop will also be streamed live over the Internet for those wishing to watch/listen and will be archived for later viewing.

These workshops are really excellent technical sessions. I would encourage you to attend if at all possible and I would definitely encourage you to submit a proposal to speak.  We’re always interested in hearing new perspectives.


Call for Participation — ICANN DNSSEC Workshop 20 November 2013

The DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), is planning a DNSSEC Workshop at the ICANN meeting in Buenos Aires, Argentina on 20 November 2013. The DNSSEC Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments. For reference, the most recent session was held at the ICANN meeting in Durban, South Africa on 17 July 2013. The presentations and transcripts are available at: http://durban47.icann.org/node/39749.

We are seeking presentations on the following topics:

1. DNSSEC Activities in Latin America:
For this panel we are seeking participation from those who have been involved in DNSSEC deployment in Latin America, but also from those who have not deployed DNSSEC but who have a keen interest in the challenges and benefits of deployment. In particular, we will consider the following questions: What can DNSSEC do for you? What doesn’t it do? What are the internal tradeoffs to implement DNSSEC or not?

2. The Operational Realities of Running DNSSEC
Now that DNSSEC has become an operational norm for many registries, registrars, and ISPs, what have we learned about how we manage DNSSEC? What’s best practice around key rollovers? How often do you review your disaster recovery procedures? Is there operational familiarity within your customer support teams? What operational statistics have we gathered about DNSSEC? Are there experiences being documented in the form of best practices, or something similar, for transfer of signed zones?

3. DNSSEC and Enterprise Activities
DNSSEC has always been seen as a huge benefit to organizations looking to protect their identity and security on the Web. Large enterprises are an obvious target for DNS hackers and DNSSEC provides an ideal solution to this challenge. This session aims to look at the benefits and challenges of deploying DNSSEC for major enterprises. Topics for discussion:
* What is the current status of DNSSEC deployment among enterprises?
* What plans do the major enterprises have for their DNSSEC roadmaps?
* What are the benefits to enterprises of rolling out DNSSEC validation? And how do they do so?
* What are the challenges to deployment for these organizations? Do they foresee raising awareness of DNSSEC with their customers?

4. When Unexpected DNSSEC Events Occur
What have we learned from some of the operational outages that we have seen over the past 18 months? Are there lessons that we can pass on to those just about to implement DNSSEC? How do you manage dissemination of information about the outage? What have you learned about communications planning? Do you have a route to ISPs and registrars? How do you liaise with your CERT community?

5. Preparing for Root Key Rollover
For this topic we are seeking input on issues relating to root key rollover. In particular, we are seeking comments from vendors, ISPs, and the community that will be affected by distribution of new root keys.

6. DANE and Other DNSSEC Applications
The DNS-based Authentication of Named Entitites (DANE) protocol is an exciting development where DNSSEC can be used to provide a strong additional trust layer for traditional SSL/TLS certificates. There is strong interest for DANE usage within web transactions as well as for securing email and Voice-over-IP (VoIP). We are seeking presentations on topics such as:
* What are some of the new and innovative uses of DANE in new areas or industries?
* What tools and services are now available that can support DANE usage?
* How soon could DANE become a deployable reality?
* How can the industry used DANE as a mechanism for creating a more secure Internet?

7. DNSSEC Automation:
For DNSSEC to reach massive deployment levels it is clear that a higher level of automation is required than is currently available. Topics for which we would like to see presentations include:
* What tools, systems and services are available to help automate DNSSEC key management?
* Can you provide an analysis of current tools/services and identify gaps?
* Where in the various pieces that make up DNSSEC signing and validation are the best opportunities for automation?
* What are the costs and benefits of different approaches to automation?

8. Guidance for Registrars in Supporting DNSSEC:
The 2013 Registrar Accreditation Agreement (RAA) for Registrars and Resellers requires the support of DNSSEC beginning on January 1, 2014. We are seeking presentations discussing:
* What are the specific technical requirements of the RAA and how can registrars meet those requirements?
* What tools and systems are available for registrars that include DNSSEC support?
* What information do registrars need to provide to resellers and ultimately customers?

We are particularly interested in hearing from registrars who have signed the 2013 RAA and have either already implemented DNSSEC support or have a plan for doing so.

9. APIs Between the Registrars and DNS Hosting Operators:
One specific area that has been identified as needing focus is the communication between registrars and DNS hosting operators, specifically when these functions are provided by different entities. Right now the communication, such as the transfer of a DS record, occurs primarily by way of the domain name holder copying and pasting information from one web interface to another. How can this be automated? We would welcome presentations by either registrars or DNS hosting operators who have implemented APIs for the communication of DNSSEC information – or from people with ideas around how such APIs could be constructed.

In addition, we welcome suggestions for additional topics.

If you are interested in participating, please send a brief (1-2 sentence)
description of your proposed presentation to dnssec-buenosaires@shinkuro.com by **Friday, 06 September 2013**

We hope that you can join us.

Thank you,

Julie Hedlund

On behalf of the DNSSEC Workshop Program Committee:
Steve Crocker, Shinkuro
Mark Elkins, DNS/ZACR
Cath Goulding, Nominet UK
Jean Robert Hountomey, AfricaCERT
Jacques Latour, .CA
Xiaodong Lee, CNNIC
Russ Mundy, Sparta/Parsons
Ondřej Surý, CZ.NIC
Lance Wolak, .ORG, The Public Interest Registry
Yoshiro Yoneya, JPRS
Dan York, Internet Society