November 2016 archive
Nov 04
DNSSEC Activities at ICANN 57 in Hyderabad on 4-7 November 2016 (Featured Blog)
Nov 03
DNSSEC and DANE Activities at ICANN 57 in Hyderabad, India, November 4-7, 2016
Friday marks the beginning of the ICANN 57 meeting in Hyderabad, India. As per usual there will be a range of activities related to DNSSEC or DANE. Two of the sessions will be streamed live and will be recorded for later viewing. Here is what is happening.
All times below are India Standard Time (IST), which is UTC+05:30. (Yes, it is a half-hour off from other timezones.)
DNSSEC For Everybody: A Beginner’s Guide – 4 Nov
On Friday, November 4, 2016, we’ll have our “DNSSEC For Everybody: A Beginner’s Guide” session that will include our usual skit where a bunch of engineers act out how DNS and DNSSEC work! Yes, it’s a good bit of fun and people have told us it has helped tremendously.
- 17:00-18:30 – Hall 2
- More info: https://icann572016.sched.org/event/8cyu/dnssec-for-everybody-a-beginners-guide
- WATCH LIVE: https://participate.icann.org/hyd57-hall2
Please come with your questions and prepare to learn all about DNSSEC!
DNSSEC Implementers Gathering – 6 Nov
On Sunday, November 6, we’ll have our informal “DNSSEC Implementers Gathering” bringing together people who have implemented DNSSEC or DANE in some way for a time to share information, have conversation and light snacks. Invitations have gone out to various DNSSEC mailing lists – if you are interested in attending please send a message to me at york@isoc.org. We thank Afilias for their generous sponsorship of this gathering at ICANN 57!
DNSSEC Workshop – 7 Nov
Our big 6-hour workshop will take place on Monday, November 7, from 09:00 – 15:00 in Room G.03/G.04. Lunch will be included. Thank you to our lunch sponsors: Afilias, CIRA, Dyn and SIDN.
The very full agenda includes:
- DNSSEC Workshop Introduction, Program, Deployment Around the World – Counts, Counts, Counts
- Panel: DNSSEC Activities in the Asia Pacific Region
- Aggressive Use of NSEC/NSEC3
- Panel: Root Key Rollover Discussion – Recursive Resolver Software Readiness
- Demonstration: DNS Operator Interface for DNSSEC
- Research Infrastructure for Internet Naming, Identification, and the DNS
- The Great DNSSEC/DNS Quiz
- Demonstration: Windows Server DNSSEC Functionality
- Demonstration: DNSSEC-S/MIME-DANE Package for Microsoft Outlook
- Secure Mailserver Using DNSSEC/TLSA
- DNSSEC – How Can I Help?
It should be an outstanding session!
- 09:00 – 15:00, Room G.03/G.04
- WATCH LIVE: https://participate.icann.org/hyd57-G3
- More info and slides are available from these URLs (ICANN’s online schedule system breaks it up into sections based on breaks and lunch):
As neither I nor Russ Mundy were able to travel to Hyderabad, I want to personally thank Wes Hardaker and Jacques Latour for stepping in to help with some of the emceeing and other meeting facilitation duties.
Please do join us for a great set of sessions about how we can work together to make the DNS more secure and trusted!
If you would like more information about DNSSEC or DANE, please visit our Start Here page to begin.
Nov 02
NIST Publishes New Guide: “DNS-Based Email Security” about DANE and DNSSEC
How can we make email more secure and trusted? How can we encrypt all email between mail servers? And how can we use DANE and DNSSEC to provide that added layer of security?
Today the U.S. National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology released a “draft practice guide” exploring those exact questions. Titled “Domain Name Systems-Based Electronic Mail Security (NIST Special Publication 1800-6)” the document offers guidance to enterprises and others into “how commercially available technologies can meet an organization’s needs to improve email security and defend against email-based attacks such as phishing and man-in-the-middle types of attacks.” Specifically it gets into how DNSSEC and DANE can be used to authenticate server addresses and the Transport Layer Security (TLS) certificates used for confidentiality.
As NIST states on their web page, the goal of the project around this publication is:
- Encrypt emails between mail servers
- Allow individual email users to digitally sign and/or encrypt email messages
- Allow email users to identify valid email senders as well as send digitally signed messages and validate signatures of received messages
You can download the guide or sections of it from that web page.
NIST is seeking public comments on this new guide from today through December 19, 2016.
It’s great to see NIST publishing this document and we hope everyone reading this post will take a look and spread the word.
And if you are interested in getting started with DNSSEC and DANE, please visit our Start Here page to find resources to help.
Nov 01
In September, Singapore and Senegal Signed Their .SN and .SG with DNSSEC
Congratulations to the teams in both Singapore and Senegal for signing their country-code top-level domains (ccTLDs) with DNSSEC back in September. According to Rick Lamb’s list of DNSSEC-signed TLDs, Singapore’s signature for the .SG domain was added to the root of DNS on September 22, and Senegal’s signature for .SN was added on September 30. [1]
This means that as of those dates, second-level domains under .SG and .SN could start receiving the added layer of security and trust possible with DNSSEC. In Singapore SGNIC started actively encouraging people to sign their domains. In Africa, ICANN’s Yaovi Atohoun wrote about how Senegal is the third African ccTLD to sign with DNSSEC this year.
I also added both countries to our weekly DNSSEC Deployment Maps so people can see them there. (And here’s a test of your geography: where are Senegal and Singapore?)
This is all great news as the world continues to add a layer of trust to answers from DNS by using DNSSEC. Congrats again to the teams in both countries!
If you would like to get started with DNSSEC, please visit our Start Here page to begin.
[1] To be precise, what happened is that the “Delegation Signer” or “DS” records for each TLD were added to the root of DNS. The DS record is a fingerprint of the DNSKEY used to sign the domain. It is included in the parent zone to create a “global chain of trust” from the root of DNS on down.
Nov 01
Writing Every Day of November – the NaNoWriMo and NaBloPoMo Challenges
Today is the day! Every year on November 1 some number of writers across the world challenge themselves to write EVERY SINGLE DAY in November.
Some amazingly choose to focus on writing a novel. They go the "NaNoWriMo" route, a.k.a. "National Novel Writing Month"... where "national" is really any nation in the world. Best place to learn more is the simple address: nanowrimo.org
Given that the target of NaNoWriMo is to write 50,000+ words, that's a serious commitment!
Others of us, and I'll add myself this year, choose to focus instead on writing at least one blog post every day as part of "NaBloPoMo", a.k.a. "National Blog Posting Month".
NaBloPoMo started back in 2006 and since 2011 has been championed by the BlogHer community. BlogHer is supporting NaBloPoMo again in 2016, but it wasn't clear for a while if they were going to do so. Meanwhile, another group at the "Cheerpeppers" site started a "blog once a day" challenge under the name "Nano Poblano".
Regardless, the point is to challenge yourself to write every day.
And of course being in our social world, you can follow along at the hashtags #NaNoWriMo and #NaBloPoMo - and also now #Nanopoblano (the hashtags all link to Twitter here but you can find them used on other social networks as well).
For myself, I am going to give it a try. Writing (and publishing) every day. As I recently wrote, I'm struggling to write consistently... so this provides a goal for me to strive for.
Now, I won't be writing here on Disruptive Conversations every day. My personal goal is publish some article across all my various blogs each day of November. That includes the blogs at the Internet Society, my employer.
You - and I - will be able to track how I am doing at my danyork.me site where I aggregate all my posts across all my sites.
We'll see how I do!
And best wishes to everyone else who are pushing themselves to do one of these challenges this year. Let's see the writing happen!
P.S. I haven't signed up for either the BlogHer or Cheerpeppers challenges. I'm just doing this for me right now.