March 18, 2015 archive

Rough Guide to IETF 92: DNSSEC, DANE and DNS Security

As per usual, DNSSEC, DANE and DNS security in general are all topics of great attention at IETF 92. The major DNS-related working groups, DNSOP and DANE, are both meeting with busy agendas and the DPRIVE working group is back again with a focus on DNS privacy concerns. Here is a rough view of what the week looks like...

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely and listen to these sessions.

Dan York

Registration Operations Workshop This Sunday Before IETF92 To Talk About EPP, Encryption, DNS

How can operators of registries such as top-level domains (TLDs) make their operations more efficient and more secure? What can operators learn from each other? And what are some of the larger initiatives happening that may affect registry operators?

These are all the kinds of questions that will be discussed this coming Sunday, March 22, 2015, at the 2nd Registration Operations Workshop (ROW) happening at the Fairmont Dallas Hotel on the Sunday before IETF 92 starts. The ROW workshop is not affiliated with the IETF but has worked with the IETF to use a room at the same venue. There’s a website where you can learn more at:

http://www.regiops.net/

and Scott Hollenbeck wrote about the call for participation for the event back in February on CircleID. Scott subsequently provided an update to the provreg mailing list (about the Extensible Provisioning Protocol (EPP)) where he outlined the agenda for Sunday’s workshop that will include:

  • A discussion of the new RFC 7451 about registering extensions to EPP.
  • Richard Barnes of Mozilla will focus on the Let’s Encrypt initiative and the Automatic Certificate Management Environment (ACME) protocol.
  • Olafur Gudmundsson of CloudFlare and Jacques Latour of CIRA will focus on a proposal for a new registry access model to update delegation information.

All of those topics are interesting, but this last topic is of particular importance to us here at Deploy360 as it relates to the challenges for automating DNSSEC within the current DNS registration model, specifically the inability of DNS operators to update the DS record in a TLD registry. This lack of automation may have played a role in the recent HBO NOW problem with misconfigured DNS records – and regardless is clearly a point that needs to be fixed. Olafur and Jacques will be discussing this issue and seeking input on what can be done.

If you are interested in these topics you can visit the ROW website to register and attend on Sunday.  Remote attendance is possible (for instance, I will be doing so).  You just need to register on the ROW website and they will send you the info about how to participate remotely.

I think this is a great initiative to increase communication between operators who interact with registration systems and I would encourage you to check it out and participate if you can.  Any way we can increase the automation that helps make the Internet more secure is a good thing!