Just a guy in Vermont trying to connect all the dots...
Dan York
Author's posts
Feb 14
4 IETF Mailing Lists To Follow For Monitoring IPv6
Want to monitor the ongoing evolution of IETF standards related to IPv6? Here are 4 mailing lists and the associated IETF working groups you may consider joining. All lists are open to anyone to join. Note that several of these can have a very large amount of traffic. Each of the mailing list pages also contains a link to the mailing list public archives if you would like to see what is going on in the lists prior to (or instead of) subscribing.
- v6ops mailing list – v6ops charter
The IPv6 Operations Working Group (v6ops) develops guidelines for the operation of a shared IPv4/IPv6 Internet and provides operational guidance on how to deploy IPv6 into existing IPv4-only networks, as well as into new network installations.
- 6man mailing list - 6man charter
The 6man working group is responsible for the maintenance, upkeep, and advancement of the IPv6 protocol specifications and addressing architecture. It is not chartered to develop major changes or additions to the IPv6 specifications. The working group will address protocol limitations/issues discovered during deployment and operation. It will also serve as a venue for discussing the proper location for working on IPv6-related issues within the IETF.
- 6lowpan mailing list - 6lowpan charter
The 6lowpan Working Group has completed two RFCs: “IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs): Overview, Assumptions, Problem Statement, and Goals” (RFC4919) that documents and discusses the problem space and “Transmission of IPv6 Packets over IEEE 802.15.4 Networks” (RFC4944) which defines the format for the adaptation between IPv6 and 802.15.4.The Working Group will generate the necessary documents to ensure interoperable implementations of 6LoWPAN networks and will define the necessary security and management protocols and constructs for building 6LoWPAN networks, paying particular attention to protocols already available.
6lowpan will work closely with the Routing Over Low power and Lossy networks (roll) working group which is developing IPv6 routing solutions for low power and lossy networks (LLNs).
- 6renum mailing list - 6renum charter
As outlined in RFC 5887, renumbering, especially for medium to large sites and networks, is currently viewed as an expensive, painful, and error-prone process, avoided by network managers as much as possible.
The task of the 6RENUM working group is to document existing renumbering practices for enterprise site networks and to identify specific renumbering problems or ‘gaps’ in the context of partial or site-wide renumbering. Completion of these tasks should provide a basis for future work to identify and develop point solutions or system solutions to address those problems or to stimulate such development in other working groups as appropriate.
6RENUM is chartered to perform an analysis of IPv6 site renumbering. If the analysis leads to conclusions that are also applicable to IPv4 that will be an advantage, but it is not an objective of the WG to make its outputs more widely available than IPv6. Similarly the WG is targeting enterprise networks, but the analysis may also be applicable to SOHO or other (e.g. ad-hoc) scenarios.
There are other IETF Working Groups (see full list) that may handle other IPv6 interactions, for instance the BEHAVE working group handling NAT issues, but these are the primary working groups working on IPv6 issues.
Feb 13
World IPv6 Launch Coming On June 6, 2012 – Will Your Apps Work with IPv6?
On June 6, 2012, World IPv6 Launch will mark the time when IPv6 is permanently enabled by many operators, website operators, content providers and organizations around the world.
Will your application(s) work on IPv6? What will you need to do to make sure that your apps work as well on IPv6 as on IPv4?
The main point of the book was to help you think through the questions and look at what you need to do.
Will you be ready?
Feb 13
ICANN DNSSEC Workshop March 14 in Costa Rica
Will you be at the ICANN 43 meeting taking place in San José, Costa Rica, in March 2012? If so, on Wednesday, March 14, 2012, there will be a “DNSSEC Workshop” bringing together people to discuss current and future DNSSEC deployment. Information is not yet available on the ICANN 43 website, but the call for proposals indicated that they were seeking talks on:
1. DNSSEC activities in Latin America
2. The realities of running DNSSEC
3. DNSSEC and the Finance Industry
4. When unexpected DNSSEC events occur
5. DNSSEC in the wild
6. DANE and other DNSSEC applications
I (Dan York) will be there in Costa Rica at the session and am definitely looking forward to joining in the conversation and listening and learning. If you will be there at the session, please do say hello (or drop me a note in advance). You can also expect to see information posted here to our blog coming out of that session.
P.S. If you want to attend, there is still time to register for the ICANN 43 meeting. I’m told the DNSSEC Workshop will also be streamed live. As soon as we have the live-streaming information we’ll post that here.
Feb 13
NLnet Labs Makes Their DNSSEC Training Materials Freely Available For All To Use
Want to offer your own DNSSEC training courses? Or want to run an internal DNSSEC training class? Or want to give a DNSSEC presentation to a local user group? Or are you simply looking for material to help you learn more about DNSSEC?
If you answered yes to any of those questions, Olaf Kolkman and the team at NLnet Labs have given the Internet community a wonderful gift in the form of DNSSEC course materials that are freely available for usage and modification (subject to attribution). The slides are all part of a DNSSEC “Train the Trainer” course that Olaf recently gave and are available in PowerPoint, Keynote and PDF form from:
The materials are licensed under a permissive Creative Commons license that basically lets you do whatever you want to the materials, including modify them and use them for commercial training, provided you include the appropriate attribution link.
It’s great that the NLnet Labs team has made this material available and we hope that people across the Internet find it a useful way to teach about DNSSEC and get more people using DNSSEC!
Thanks, Olaf and NLnet Labs!
Feb 12
Attending O’Reilly’s Tools of Change Conference (TOCCON) This Week in New York
This week I will be in New York City at O'Reilly's Tools of Change for Publishing Conference, a.k.a. "TOC" or "TOCCON". As I wrote about recently on the Deploy360 blog, TOC is really the premiere gathering of the people behind the technology behind digital and online publishing. While there certainly are people there from the "traditional" publishing industry, the event really brings together all of those who are disrupting publishing as we know it.
For my part, I am going to primarily to do a deep-dive into the technology and tools behind ebook publishing. While some of my own books are offered as ebooks, the publishers have been the ones doing the actual ebook creation. I certainly understand the basics, but want to really dig deeper. I have a strong interest in seeing what we can do within the Internet Society Deploy360 Programme to take some of the long-form content we or our partners have and make that available in an ebook form. Partly I want people to be able to take the content and have it very easily accessible in an offline form. Partly I want to offer people the ability to consume our content using an ebook reader. And partly I want to experiment with marketing our content through some of the various ebook stores. LOTS of ideas... now, whether I will be able to carve out the time to implement those ideas is a different question. :-)
Anyway, if you are going to be down at TOCCON this week, please do say hello or drop me a msg via email or Twitter.
P.S. TOCCON will be an interesting event for me as I am not speaking, as I often do, nor am I staffing a booth, live tweeting, reporting or anything else. I am just there to learn, meet people and explore new ideas. I'm actually looking forward to the change of pace, bizarre as it will be for me. :-)
Feb 10
U.S. Curling Championships Start Rocking Philadelphia This Weekend!
Expect to see some outstanding curling happening this week!
More on the story:
A local Philadelphia country music station also seems to have helped produce a video with interviews and shots of what is going on there:
Looks like fun, and if you are in the Philadelphia area, this is your chance to get to see some of the best curlers in the nation!
Feb 10
ENISA: Good Practices Guide For Deploying DNSSEC
In March 2010, the European Network and Information Security Agency (ENISA) issued their “Good Practices Guide For Deploying DNSSEC” with the abstract:
Deploying DNSSEC requires a number of security details and procedures to be defined and followed with specific requirements as to timing. This guide addresses these issues from the point of view of information security managers responsible for defining a policy and procedures to secure the DNS services of a company or an organisation, and from the point of view of competent authorities defining or regulating requirements for deployment.
While the document was created prior to the signing of the root zone in July 2010, the concise 29-page guide still provides a good overview of what is involved with working with DNSSEC and provides good guidelines for using and implementing DNSSEC.
The Table of Contents for the document is:
- DNSSEC practices statement
- Signing your zone
- Value of a signed zone
- Designing a signing system
- Signing in a test environment
- Checking the DNS servers
- Key generation and management
- Physical security
- Use of NSEC3
- Key rollovers
- Performance issues
- Publication of keys
- Change of registrar
- Change a zone from signed to unsigned
- Change of domain holder (registrant)
- Selecting a product
- Outsourcing
- Change of DNS provider
- Validating DNS queries
- Configure trust anchors
- Routers, firewalls and other network equipment
- Conclusions
- ANNEX 1: Contents of a TAR’s policy and practices
- ANNEX 2: Support of DNSSEC on commonly used nameservers
- Reference
The document is available for free download in PDF form from the ENISA website.
Feb 10
DNSSEC Training: Internet Systems Consortium (ISC)
The Internet Systems Consortium (ISC), authors and maintains of the BIND DNS server, have been providing DNSSEC-related training for several years at both conferences and in training centers all over the world. Their latest schedule of courses can be found at:
ISC offers focused classes on DNSSEC and also includes DNSSEC as a component of other DNS-related classes. Note that ISC also provides IPv6 training classes.
The Internet Society Deploy360 Programme does not recommend or endorse any particular commercial providers of training. The information provided here is to assist people in finding training providers and is part of a larger effort to list all known providers of DNSSEC-related training. If you know of an additional training providers we should include, please contact us.
Feb 10
DNSSEC Training: NLnet Labs Course Materials (Slides)
In February 2012, Olaf Kolkman from NLnet Labs taught a 2-day DNSSEC “Train-The-Trainer” workshop and nicely made all his course materials available online at:
Olaf made all his courseware available as PDF, PowerPoint and Keynote files under a Creative Commons license that allows the course materials to be copied, modified and even used for commercial purposes – provided that an attribution link is maintained.
It’s great to see this kind of material being made available and we thank Olaf and NLnet Labs for making this material available to the broader community at no cost.
For quick reference, here are the sections of the NLnet Labs course materials (links go directly to the NLnet Labs site):
| DNS vulnerabilities | KEY | PPT | |
| Unbound | KEY | PPT | |
| DNSSEC Theory | KEY | PPT | |
| Troubleshooting | KEY | PPT | |
| Practicalities | KEY | PPT | |
| DNSSEC Key Rollover | KEY | PPT | |
| OpenDNSSEC | KEY | PPT | |
| DNS in a Workflow | KEY | PPT |
