March 2012 archive

Friday Video: IPv6 and NAT Fanboys

Continuing our series of humorous Friday posts, how could we not post this animated video on the theme of “NATs are good!”?   :-)


Deploy360 Team At IETF 83 Next Week In Paris…

If you are going to be at the 83rd meeting of the Internet Engineering Task Force (IETF) next week in Paris, two members of the Deploy360 team, Megan Kruse and myself (Dan York), will be there onsite for the full week.

Given what we do here at Deploy360, you can expect to typically find us in the DNSSEC-related working groups and the IPv6-related working groups as well as various other groups that have IPv6- or DNSSEC-related documents under consideration. Odds are pretty good that we’ll also be in some of the other working groups highlighted in the recently released document:

Internet Society’s Rough Guide to IETF 83’s Hot Topics

Particularly some of the working groups related to routing security. As usual the IETF 83 agenda offers a packed schedule and we’re looking forward to meeting up with people at the event.

On that note, if you’d like to connect with Megan or me at IETF 83, please feel free to drop us an email to as that may be the best way to reach us.

See some of you there!

P.S. I’m also going to be in Paris on Saturday and Sunday if any of you are interested in connecting over the weekend.


New Paper – “Challenges and Opportunities in Deploying DNSSEC” at SATIN 2012

This morning at the SATIN 2012 conference in London I (Dan York) will be speaking on the topic of “challenges and opportunities in deploying DNSSEC“. Basically I’ll be providing a view of our experience here at Deploy360 over the past 6 months in looking at how to accelerate the deployment of DNSSEC.  As we have been building up our list of DNSSEC resources, we’ve been taking a look at DNSSEC from the “user experience” point of view.  What are the pain points for network operators? for developers? for content providers? for enterprises?

Where are the opportunities to simplify the user experience and make it easier to deploy DNSSEC?

As part of this presentation at SATIN 2012, we created a 7-page paper documenting our findings.  You can download the PDF of this document at:

Challenges and Opportunities in Deploying DNSSEC (SATIN 2012)

As I note on the “resource” page for this paper, we look at the issue from the perspective of:

  • Domain name consumers - any person or application that is using a domain name.
  • Domain name holders - people or organizations who have registered a domain and, in the context of DNSSEC, want to sign the domain.
  • Domain name infrastructure operators - people or organizations that provide the actual service behind the Domain Name System and have a role to play in the DNSSEC signing and validation processes.

Creating the paper was a very useful process in that it helped us identify some of the places where we can add value through the Deploy360 program in the form of new DNSSEC tutorials, HOWTOs and other documents.  I hope that it will be helpful for others out there who are also looking at ways to help accelerate DNSSEC deployment.

I’d very much love to hear any and all feedback on the document.  This is very much a “progress report” of what we have found at this point in time and I expect the list of both challenges and opportunities to evolve over time.

What do you think of the list in this document?  Do you agree? Disagree?  Can you think of other opportunities for simplifying the user experience with DNSSEC?

Again, I’d love to hear from you, either as comments to this post, email to or via our feedback form

Whitepaper: Challenges and Opportunities in Deploying DNSSEC

At the SATIN 2012 conference on March 23, 2012, the Internet Society’s Dan York spoke about a paper that he and other members of the Internet Society staff developed outlining some of the challenges with DNSSEC deployment and identifying opportunities to simplify the user experience to accelerate DNSSEC deployment. The document is now available for download at:

Challenges and Opportunities in Deploying DNSSEC (SATIN 2012)

The document lays out the challenges and opportunities for:

  • Domain name consumers - any person or application that is using a domain name.
  • Domain name holders - people or organizations who have registered a domain and, in the context of DNSSEC, want to sign the domain.
  • Domain name infrastructure operators - people or organizations that provide the actual service behind the Domain Name System and have a role to play in the DNSSEC signing and validation processes.

Within each section, there are multiple subsections with specific examples.  The document concludes with some thoughts about additional opportunities to accelerate DNSSEC deployment and a lengthy list of resources for further exploration of the topic.

Our goal is that this document can stimulate further discussion about these points and lead to solutions that move DNSSEC deployment further.  We also will be using it within the Deploy360 Programme to identify areas where we need to add more DNSSEC resources to the site.

We welcome any and all feedback and comments, either directly here as comments to this page or sent to us via email or our web form.

Whitepaper: .SE Health Status Report on DNS and DNSSEC

This week the folks at .SE in Sweden released a report full of DNS and DNSSEC information and statistics related to .SE at:

.SE Health Status – DNS and DNSSEC (PDF)

Today at the SATIN 2012 event in London, Anne-Marie Eklund Löwinder from .SE discussed many of the statistics and information contained in the report.    She highlighted many of the major errors they’ve seen and provided an intriguing view into how DNSSEC is actually being deployed in terms of key lengths, encryption algorithms, etc.

At the time of the analysis in early February, .SE had 174,487 domains signed with DNSSEC out of a total of 1,195,719 registered domains.  The document contains a number of interesting charts and other data.

While this report is obviously about a single top-level-domain, it provides interesting insight into DNS and DNSSEC deployment.  Sweden has been a leader in DNSSEC deployment and we look forward to seeing future surveys and the continued growth in signed domains.  Thanks to the .SE team for providing this data to the larger community.

P.S. Want to learn more about how to deploy DNSSEC?  View our list of DNSSEC resources to get started!

Video: Dan York on why Deploy360 was at ICANN43

Why was I (Dan York) at ICANN 43 last week in Costa Rica? While I was at the event, a gent named Glenn McKnight was going around recording videos of various attendees talking about why they were attending ICANN 43. Naturally I was glad to speak to him about the DNSSEC Deployment Workshop and my interest there. Glenn is now putting those videos online, and my video interview is available.

(Note: The video interview is only 1 minute 47 seconds long, not the 6:49 shown when you start the video.  The remaining 5 minutes seems to be an entirely black screen. Not sure what happened there.)

Thanks, Glenn, for recording the interview!

Speaking at SATIN 2012 on Friday About DNSSEC Deployment

This Thursday and Friday I (Dan York) will be at the “Securing and Trusting Internet Names (SATIN) 2012” event taking place at the National Physical Laboratory (NPL) in London, UK. As the event site indicates, this event is a bit of a merger of academia and industry:

SATIN aims to provide a forum for academic work on the security of the DNS alongside industry presentations on practical experiences in providing name services.

This workshop will expose the academics to the real problems that industry is encountering, and show industry what academia has to offer them.

The SATIN 2012 agenda looks quite good and I’m looking forward to learning a good bit about new research into DNSSEC and other technologies to protect DNS. It’s great to see someone from Comcast there talking about their work and I admit to having a particular interest in the session on DANE, as I see DANE as a potential way to show how DNSSEC can add more value to existing networks. (More on DANE in later posts.)

On Friday I’ll be speaking about some of what we’ve seen as we prepared the DNSSEC part of this Deploy360 site and the opportunities we see for simplifying the user experience and accelerating DNSSEC deployment. As part of preparing for the event, I developed with my colleagues here at the Internet Society a 7-page paper on “Challenges and Opportunities in Deploying DNSSEC” that I’m definitely looking forward to sharing with you all.

We’ll be posting both my paper and slides to our site once the event is over. The NPL is also going to be recording all of the sessions and making them available via YouTube. As soon as the videos are live, we’ll start posting about them here, too.

If any of you reading this will be at SATIN 2012 this week, please do say hello (and feel free to drop me a note in advance).

UNH-IOL Hosting IPv6 Test Event for Home Routers on April 16-20, 2012

The UNH InterOperability Laboratory (IOL) announced this week that they will be holding an IPv6 “Test Event” for home routers on April 16-20, 2012, at their facility in Durham, New Hampshire, USA. This will be an excellent way for consumer electronics manufacturers to test whether their home routers/gateways will be ready to support IPv6 connectivity that will be available with the upcoming World IPv6 Launch on June 6, 2012.  As noted in the UNH-IOL news release:

The UNH-IOL will verify IPv6 functionality for home gateway equipment for World IPv6 Launch. To be added to the World IPv6 Launch list of participating home gateway vendors, companies will need to enable IPv6 ‘on by default’ through their range of home router products and will need to have a product that has completed the IPv6 Ready CE Router (CPE) Interoperability Test Scenario (PDF) at the UNH-IOL. When a company’s device appears on the UNH-IOL CE Router Tested List, in the table that indicates the device performed all the test cases, the company should complete the Registration Form for Home Gateway Routers. ISOC will then add the company to the list of home gateway vendors participating in World IPv6 Launch.

More information about the UNH-IOL IPv6 test event and how to participate can be found at:

The deadline to register is Monday, April 9th!

If you are a vendor of a home router / home gateway, this event will provide an excellent opportunity to test your IPv6 implementation in a confidential environment where vendors work with each other and UNH-IOL staff to test their interoperability and improve their IPv6 support.

It is great that UNH-IOL is hosting this event and we look forward to seeing the list of home router vendors supporting IPv6 grow by World IPv6 Launch!

The Big Question On Avaya’s Acquisition of Radvision – What About The SIP and H.323 Stacks?

With today's big news in the VoIP / Unified Communications (UC) / telecom space of Avaya's acquisition of Radvision, pretty much all of the coverage has predictably focused on the video angle. While that's certainly important, I have a far bigger question:
What about Radvision's SIP and H.323 stacks?

More specifically -

will Avaya continue to support and promote the strong usage of Radvision stacks by other vendors?

Of all the coverage I've seen so far, only Tom Keating touched on this in his brief post:

They also developed a H.323 stack used in hundreds of VoIP and videoconferencing products before SIP became the dominant VoIP protocol of choice.

Beyond the popular H.323 stack, Radvision's SIP stack has also been used in a good number of products out there - and Radvision also developed stacks for RTP, MGCP and many other VoIP protocols. Just follow the links off of Radvision's developer page at:

to see the wide range of developer solutions they have developed over the years.

For those not familiar with this topic, a "stack" in developer-speak is basically a set of libraries that you can incorporate into your products to enable those products to communicate over a given protocol. So if you want to "SIP-enable" your product, you can license a "stack" from a company like Radvision rather than developing your own stack or using one of the various open source stacks that are out there. Licensing the stack also typically gets you support from the vendor and the ability to request changes/customizations/etc.

Radvision has enabled a good number of companies out there to get into the VoIP world. They have been a supplier of stacks to companies all across the VoIP / UC space.

Now they've been acquired by one of the largest vendors in the VoIP/UC space.

Will Avaya continue to support the widespread usage of Radvision's various stacks by other vendors?

Or will they restrict or reduce the usage? Or increase the costs? If so, what will the other vendors do?

Can the various vendors using Radvision stacks trust Avaya to continue the developer program? Particularly when they may compete directly against Avaya?

Will there be more attention paid now to other providers of SIP and VoIP stacks?

THAT is the question that I'm most curious about in the midst of this merger...

Other Articles

Some of the pieces worth reading on this topic include:

P.S. Hat tip to Forrester's Henry Dewing, too, for at least recognizing the usage of Radvision's stacks, although he did not ask the question I'm asking here.

World IPv6 Launch Project Now Has Pages on Facebook, Google+

If you want to keep up-to-date on what is happening with World IPv6 Launch coming up on June 6, 2012 – and/or would like to help spread the word, the team working on that project now has a Facebook page and Google+ page (along with the Twitter account they’ve had for a while).

If you use Facebook and could take a moment to “Like” the page or are on Google+ and could add the page to a circle, it will be a great way to stay connected as the date gets closer!

And if you need help with getting ready for World IPv6 Launch, check out our IPv6 resources – and please let us know if you need more help!