November 1, 2013 archive

4 Sessions About DNSSEC, DNS And DANE At IETF 88 Next Week

IETF LogoNext week IETF 88 in Vancouver will be a bit quieter on the DNSSEC and DANE front.  As I wrote in a post today on our “Internet Technology Matters (ITM)” blog, “Rough Guide to IETF 88: DNSSEC, DANE and DNS“, the only major working group related to DNSSEC that will be meeting will be the DNSOP WG on Tuesday, November 5th.  However, in that meeting there will be the very big topic of how we automate the transfer of updated DS / DNSKEY records from a child zone up to a parent zone within DNS.  There are  a couple of different proposals that will be discussed, including:

It should be an excellent discussion.  As I wrote in the ITM post, there are several other interesting drafts as well being discussed in DNSOP – all focused around improving the operations of DNSSEC.  It should be a great session at IETF!

The DANE Working Group is not meeting but as I mentioned in the other article I expect that DNSSEC / DANE will come up in some of the many conversations that will be going on next week related to how we harden the Internet against large-scale surveillance and pervasive monitoring.  The Technical Plenary on Wednesday, November 6, should be an excellent event well worth listening to.   The “Perpass” BOF session will dive into more details. I don’t know if DNSSEC / DANE will be discussed there… but it certainly could be.

The DNS-SD Working Group discussion could also be quite interesting because as you extend DNS service discovery beyond a simple local network into a multi-network environment, you need to have some way to securely communicate that information.  We’ll see what is begin talked about in that regard.

Anyway, here are four of the sessions where DNSSEC / DANE / DNS will be discussed – you can expect to find me in all of them:

NOTE: If you are not going to be in Vancouver next week, there are multiple ways that you can participate remotely in these working groups, including audio streams and Jabber chat rooms.

Rough Guide to IETF 88: DNSSEC, DANE and DNS

On the Internet, the Domain Name System (DNS) performs the critical role of translating human-readable domain names into the underlying IP addresses needed by computers to connect. The challenge is that attackers can subvert and modify DNS messages with the result that users and applications can be directed to wrong (and potentially malicious) sites. In response to this threat, the IETF community created DNS Security Extensions (DNSSEC), which is now being deployed across the Internet.

Dan York