June 14, 2013 archive

Jun 14

IPv6hackers Group To Meet In Berlin on July 28, 2013

IPv6 hackersInterested in IPv6 security? Want to see presentations by people working in the field? If so the members of the “ipv6hackers” mailing list are planning to hold their first face-to-face meeting in Berlin on July 28, 2013, the Sunday prior to IETF 87 in Berlin, Germany.  From the announcement email:

We’re planning to have our first in-person meeting on July 28th, 2013, in Berlin (most likely in the afternoon, between lunch and the IETF welcome reception). The venue would be either the IETF venue (InterContinental Berlin), or some nearby hotel/room (to be confirmed soon).

We’re planning to have some presentations (which MUST be accompanied with code :-) ), and might also have an IPv6 mini-hackathon (i.e., work on code, test implementations, try stuff).

Fernando Gont has asked people who are interested in attending to complete a short survey so that he can know how many people are planning to attend.

If you are interested in IPv6 security, I have found the IPv6 hackers mailing list to be a useful list to monitor as a good number of IPv6 security researchers do participate in the list.  You can see from the archives some of the topics that are discussed. It is open for anyone to subscribe.  There is also a LinkedIn group but as Fernando notes he created the group to help people connect on LinkedIn not as a discussion forum – discussion happens on the email list.

Jun 14

InfoWorld Promotes DNSSEC To Boost Internet Security

InfoWorldWe were very pleased to see InfoWorld publishing this week an article by Roger Grimes titled “Boost your Internet security with DNSSec” that lays out the case for implementing DNSSEC and explains the validation side of DNSSEC.  Given the large audience that InfoWorld has it is good to see DNSSEC getting this coverage.

I’d suggest another useful resource for people reading that article would be SURFNet’s white paper about enabling DNSSEC validation in DNS resolvers as that paper provides step-by-step guidance to enabling validation in BIND, Unbound and Windows Server 2012.

I’d also note for people wanting to experiment with DNSSEC validation, Google’s Public DNS servers do now support DNSSEC and so you can at least temporarily point your system to Google’s servers to try out validation.  As we’ve also noted in the past, anyone who is a Comcast subscriber in North America also has DNSSEC validation happening by default, as do people using many of the ISPs in Sweden, Brazil and the Czech Republic.

As I noted at the beginning, the article covers the validation side of DNSSEC, but for that to really work we also need to get more domains signed with DNSSEC.  I would encourage people to look at our tutorials on how to sign your domain using common registrars – and to ask your registrar when they will let you use DNSSEC if they are not on the list of DNSSEC-capable registrars maintained by ICANN.

Again, it’s great to see InfoWorld covering DNSSEC and I do hope they’ll provide more such articles in the future.  If we can get DNSSEC deployed more widely we’ll go very far in upgrading the security of the Internet!

P.S. I was also intrigued by Grimes’ link to this video of a DNSSEC app for Android from back in 2011.  It looks like a basic browser to check the DNSSEC status of sites.  I may have to investigate a bit more..