Just a guy in Vermont trying to connect all the dots...
Dan York
Author's posts
May 12
DNSSEC and DNS Security Talks At DNS-OARC Spring Forum Streaming Live Out of Dublin Today And Tomorrow
Can’t get to Dublin, Ireland, to attend the DNS-OARC Spring Forum 2013 but interested in all the DNS and DNSSEC-related talks? The good news is that there is a webcast / livestream of the event via Adobe Connect at:
http://icann.adobeconnect.com/dns-oarc/
As I wrote about last week, there are a good number of the talks related to DNSSEC and DNS security. The event has been extremely interesting so far today.
To watch the livestream, you should reference the DNS-OARC timetable – and remember that all times are Irish Standard Time (currently UTC/GMT+1).
Slides for the talks are also listed on the timetable page.
I’ll be speaking this afternoon at 5:35pm Dublin time about some of the challenges we’ve seen related to DNSSEC deployment and asking for feedback.
Tomorrow morning, Monday, May 13, the timetable is full of DNSSEC talks from 9:00 to 10:40 am that should make for good listening.
May 10
RIPE66 Next Week: Sessions on IPv6, DNS and Routing
Next week in Dublin, Ireland, the RIPE 66 Meeting will take place from May 13-17 and a number of Internet Society technical staff will be onsite including two of us from Deploy360: Jan Zorz and myself (Dan York). The meeting plan has a great number of topics of interest, but two in particular that we’ll be tracking include:
Best Current Operational Practices – Efforts from the Internet Society
Monday, 13 May 16:00-17:00 (Irish Standard Time – currently UTC+1)
Jan will be speaking about the work he has been doing to explore how information from the operations community can best be made more widely available – and asking for feedback from those attending.Panel: Seven Years of Anti-Spoofing: What Happened Since the RIPE Task Force and What Still Needs to be Done
Tuesday, 14 May 16:00-17:00
Our Internet Society colleague Andrei Robachevsky along with Benno Overeinder of NLnet Labs will be moderating this panel of network operators, security experts and vendors to dive into the issue of spoofed IP addresses and how they contribute to Distributed Denial-of-Service (DDoS) attacks. Given that there are known mitigation approaches such as BCP 38, why are DDoS attacks still so common? What can the larger operator community be doing to combat IP spoofing?
This last session is extremely relevant to the new Routing Resiliency/Security section of the site that we are seeking to build out, so we’ll definitely be listening to the conversations and feedback.
Naturally we’ll also be paying attention to these working group sessions:
- IPv6 Working Group
- DNS Working Group (Wednesday, May 15)
- Routing Working Group (Thursday, May 16)
The event will be streamed live and as soon as we have that information we’ll update this post.
We’re very much looking forward to the RIPE 66 event – if you are going to be there please do say hello!
May 09
Excellent DNSSEC Sessions Coming Up At DNS-OARC Spring Forum This Weekend
This weekend begins the “Spring Forum” of the Domain Name System Operations Analysis and Research Center, a.k.a. “DNS-OARC” and it once again represents a gathering of many of the prominent people within the DNS / DNSSEC community. The event takes place in Dublin, Ireland, on the Sunday and Monday morning prior to the RIPE 66 meeting happening for the rest of the week.
In look at the list of contributions to the DNS-OARC Spring Forum, a number are related to DNSSEC and I’m quite looking forward to listening to them. They include:
DNS Security: Beyond DNSSEC, A “He Must Be Nearing Retirement” Manifesto
Ed Lewis said on a call that he’s going to be talking about ways he thinks DNS can be better secured. Ed has been around the DNS/DNSSEC world for a long time, so I’m looking forward to his ideas.Measuring DNSSEC
Geoff Huston recently published a long blog post about “Measuring DNSSEC Performance” that got quite deep into analysis. I am assuming Geoff and George Michaelson will be explaining their findings live at this event.The Use of Elliptic Curve Cryptography in DNSSEC
This presentation by Francis Dupont should be an interesting view into the viewpoint that we ought to be doing more with elliptic curve cryptography (and specifically ECDSA) within DNSSEC.GPU-based NSEC3 Hash Breaking
Based on the description, this appears to be about a tool that can be used to break the hashes used in NSEC3 records. Not entirely sure where this one is going… so I will be interested to hear it.Next Steps In Accelerating DNSSEC Deployment
How do we get DNSSEC more rapidly deployed. I’ll be speaking about what we’ve found in the process of developing the DNSSEC side of Deploy360 as well as what has come up through the dnssec-coord mailing list / conference calls and other industry efforts.
Beyond those DNSSEC-related sessions, I’m definitely interested in the sessions around DNS amplification attacks, DNS monitoring and really all the other topics. Definitely a place for those of us interested in DNS and DNSSEC to gather!
I don’t believe there is a livestream, but I do believe the slides will be available as links off the agenda page as they become available. If you are going to be there at the DNS-OARC Spring Forum, do say hello – and please do let me know your ideas around how we can help here at Deploy360 with resources related to DNSSEC deployment.
May 09
Ebook for "7 Deadliest UC Attacks" Now Available DRM-Free From O’Reilly Books
I was extremely pleased to recently learn that the ebook of "Seven Deadliest Unified Communications Attacks" is now available DRM-free through a deal between Syngress/Elsvier and O'Reilly. As I noted in a recent podcast about DRM-free books, this allows you as the reader much more flexibility and freedom in being able to read the ebook on the platform and device of your choosing.
You can now purchase 7 Deadliest UC Attacks in either Epub of PDF formats directly from O'Reilly.
The great part about ordering DRM-free ebooks from O'Reilly is that you can easily get back to your ebooks and download them in multiple formats. They also alert you to updates if there are any.
Kudos to the folks at Elsevier and Syngress for making all of these ebooks available DRM-free!
May 09
Packet Pushers Healthy Paranoia Podcast: IPv6 Security Smackdown
Interested in IPv6 security? Back in October 2012, the Packet Pushers podcast had a great show on the topic called “Healthy Paranoia Show 4:IPv6 Security Smackdown!” Guests included many of the people we’ve routinely interacted with about IPv6 at events and on mailing lists:
- Fernando Gont, security researcher
- Eric Vyncke, Cisco Distinguished Consulting Engineer and author
- Joe Klein, security researcher
- TJ Evans, IPv6 instructor and engineer
- Jim Small, Sr. Consultant – Network/Security Architecture and Engineering, CDW
- Scott Hogg, Cisco Press author and Director of Technology Solutions for RMv6TF
The show runs about 90 minutes and is well worth a listen!
May 09
TDYR #004 – 1 Year After Going DRM-free, Tor Books Sees No Increase In Piracy
One year after going DRM-free for their ebooks, Tor Books reports that they have "seen no discernible increase in piracy". In this episode I talk about why that is important, how DRM is anti-consumer and as an author and reader why I prefer DRM-free titles.
More:
http://www.tor.com/blogs/2013/04/tor-books-uk-drm-free-one-year-later
Commentary:
http://www.techdirt.com/articles/20130430/22322922899/tor-books-uk-says-ditching-drm-showed-no-increase-piracy.shtml
My DRM-free books:
http://migratingappstoipv6.com/ (O'Reilly)
http://www.7ducattacks.com/ (Published by Syngress and recently made available DRM-free through O'Reilly's ebook platform)
May 08
TDYR #003 – Syria Disappears From The Internet (And Then Returns) – What Can We Learn From This?
The entire country of Syria went offline on May 7-8, 2013, for about 19-20 hours. What can we learn from this event?
http://www.renesys.com/blog/2013/05/syrian-internet-fragility.shtml
http://www.washingtonpost.com/blogs/worldviews/wp/2013/05/08/how-did-syria-cut-off-the-entire-country-from-the-internet/
http://labs.umbrella.com/2013/05/07/breaking-news-traffic-from-syria-disappears-from-internet/
http://www.newyorker.com/online/blogs/comment/2013/05/why-did-syria-shut-down-the-internet.html
May 06
Video: Have We Found the Cure for Bufferbloat? (Featured Blog)
Following up on my recent post about how solving the Bufferbloat problem could dramatically increase the speed of Internet usage, I recently learned via a Google+ post by Michael Richardson of this video of a presentation by Jesper Dangaard Brouer of Red Hat at the recent DevConf.cz Brno 2013 titled "Beyond the existences of Bufferbloat - Have we found the cure?" More...
May 06
RFC 6180 Offers Guidelines for Using IPv6 Transition Mechanisms
How can you best migrate your network to IPv6? What is the best transition mechanism to use of the many available? Should you make your network dual-stack? Use tunneling? Go IPv6-only with gateways on the edge?
I’ve been asked this question lately by a number of people and unfortunately the answer to what is “best” is really…
“It depends.“
There are a lot of variables relating to the type of network you have – the architecture, the equipment, the applications, etc.
Thankfully, there are a good number of documents out there that can help with thinking about what mechanism will work best for your. One of those is RFC 6180, “Guidelines for Using IPv6 Transition Mechanisms during IPv6 Deployment“, available at:
It is an informational RFC (i.e. not a “standard” but a document intended to be helpful) that outlines four different deployment scenarios and how you might use them. While it was published in early 2011 and a LOT has happened with IPv6 in the two years since, the document is still a good reference document and one I would encourage you to review.
Most importantly, just start getting IPv6 deployed!
May 06
TDYR #002 – On The Incredible Importance Of Owning Your Online Platform
TDYR #002 - On The Incredible Importance Of Owning Your Online Platform by Dan York
