Just a guy in Vermont trying to connect all the dots...
Author's posts
Sep 28
ICANN Postpones DNSSEC Root KSK Rollover – October 11 will NOT be the big day
People involved with DNS security no longer have to be focused on October 11. News broke yesterday that ICANN has decided to postpone the Root KSK Rollover to an unspecified future date.
To be clear:
The Root KSK Rollover will NOT happen on October 11, 2017.
ICANN’s announcement states that the KSK rollover is being delayed…
…because some recently obtained data shows that a significant number of resolvers used by Internet Service Providers (ISPs) and Network Operators are not yet ready for the Key Rollover. The availability of this new data is due to a very recent DNS protocol feature that adds the ability for a resolver to report back to the root servers which keys it has configured.
Getting More Information
Discussion on the public DNSSEC-coord mailing list indicates more info may be available in a talk Duane Wessels is giving at the DNS-OARC meeting tomorrow (Friday, September 29). The abstract of his session is:
A Look at RFC 8145 Trust Anchor Signaling for the 2017 KSK Rollover
RFC 8145 (“Signaling Trust Anchor Knowledge”) was published in April 2017. This RFC describes how recursive name servers can signal, to authoritative servers, the trust anchors that they have configured for Domain Name System Security Extensions (DNSSEC) validation. Shortly after its publication, both Unbound and BIND implemented the specification. As organizations begin to deploy the new software versions, some of this “key tag data” is now appearing in queries to the root name servers.
This is useful data for Key Signing Key (KSK) rollovers, and especially for the root. Since the feature is very new, the number of recursive name servers providing data is not as significant as one might like for the upcoming root KSK rollover. Even so, it will be interesting to look at the data. By examining this data we can understand whether or not the technique works and hopefully inspire further adoption in advance of future KSK rollovers.
If you, like me, will not be in San Jose for this session, there will be a webcast / live stream. The link should be available tomorrow morning on the DNS-OARC event page. Or you can follow the #oarc27 hashtag or @dnsoarc on Twitter.
Per the OARC 27 timetable, Duane’s talk begins at 9:40am PDT (UTC-7). (Side note: for those involved with DNS, there are many other excellent sessions on the timetable!)
Apparently whatever data ICANN received through this research convinced them that not enough ISPs were ready to go with the new KSK and so a postponement was necessary.
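An added example (not from this post, ICANN, or the OARC talk) of how the RFC 8145 key tag queries described above can be read out of root-server query logs to see which resolvers still report only the old key. It assumes the query form from RFC 8145 section 5.1 (a single `_ta-` label of four-digit hex key tags, QTYPE NULL), the publicly known root KSK key tags 19036 and 20326, and a constructed three-column log format with constructed sample lines.

```python
import re

# Publicly known root zone KSK key tags (not stated in the post itself).
KSK_2010 = 19036  # 0x4a5c, the key in use before the rollover
KSK_2017 = 20326  # 0x4f66, the new key

# RFC 8145 section 5.1: "_ta-" followed by hyphen-separated 4-digit hex key tags.
_TA_LABEL = re.compile(r"^_ta(-[0-9a-f]{4})+$")


def parse_key_tag_qname(qname):
    """Return the key tags signalled in a root-zone QNAME, or None if it is not one."""
    labels = qname.rstrip(".").lower().split(".")
    # Only queries addressed to the root zone itself: exactly one label.
    if len(labels) != 1 or not _TA_LABEL.match(labels[0]):
        return None
    return [int(h, 16) for h in labels[0].split("-")[1:]]


def classify(tags):
    """Readiness class for one resolver's reported trust anchors."""
    if KSK_2017 in tags:
        return "has-ksk-2017"
    if KSK_2010 in tags:
        return "ksk-2010-only"
    return "unknown-anchors"


def summarize(log_lines):
    """Map each source address to the class of its most recent key tag query."""
    latest = {}
    for line in log_lines:
        parts = line.split()
        # Assumed log format: "<source> <qname> <qtype>"; key tag queries use NULL.
        if len(parts) != 3 or parts[2].upper() != "NULL":
            continue
        tags = parse_key_tag_qname(parts[1])
        if tags is not None:
            latest[parts[0]] = classify(tags)  # later lines overwrite earlier ones
    return latest


def not_ready(latest):
    """Sources whose last report listed the old key but not the new one."""
    return sorted(s for s, state in latest.items() if state == "ksk-2010-only")


# Constructed sample data using documentation address ranges.
SAMPLE_LOG = [
    "192.0.2.10 _ta-4a5c. NULL",
    "192.0.2.11 _ta-4a5c-4f66. NULL",
    "192.0.2.12 example.com. A",          # ordinary query, ignored
    "198.51.100.7 _ta-4A5C-4F66. NULL",   # case-insensitive match
    "198.51.100.8 _ta-zzzz. NULL",        # malformed label, ignored
    "198.51.100.9 _ta-4a5c. NULL",
    "198.51.100.9 _ta-4a5c-4f66. NULL",   # same source later picked up the new key
]

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for src in sorted(result):
        print(src, result[src])
    print("still on old key only:", not_ready(result))
```

Only resolvers running software that implements RFC 8145 send these queries, and a source address may be a forwarder rather than the validating resolver itself, so the counts describe the reporting population rather than all validators.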
Understandable caution
I do understand why ICANN would step back and delay the KSK roll. If there are significant sections of the Internet that will experience issues with resolving DNSSEC-signed domains on October 11, it is prudent to wait to assess the data and potentially reach out to affected ISPs and other network operators. Particularly when, as we noted in our State of DNSSEC Deployment 2016 report last year, the number of domains signed with DNSSEC continues to grow around the world.
I look forward to working with ICANN and the rest of the DNSSEC community to set a new date. As I wrote (along with my colleague Andrei Robachevsky) in our comments back in April 2013, we believe that the Root KSK should be rolled soon – and rolled often – so that we gain operational experience and make Root KSK rollovers just a standard part of operations. (Note: our CITO Olaf Kolkman submitted similar comments, although at the time he was with NLnet Labs.)
Updating the DNS infrastructure is hard
The challenge ICANN faces is that updating the global DNS infrastructure is hard to do. The reality is that DNS resolvers and servers are massively DE-centralized and controlled by millions of individual people. You probably have one or more DNS resolvers in your home in your WiFi router and other devices.
The success of DNS is that generally it “just works” – and so IT teams often set up DNS servers and then don’t pay much attention to them. At a talk I gave yesterday to about 180 security professionals at the ISC2 Security Congress in Austin, TX, I asked how many people had updated the software on their DNS resolvers within the past year – only a few hands were raised.
All of the latest versions of the major DNS resolvers support the new Root KSK. Recent versions all generally support the automated rollover mechanism (RFC 5011). But… people need to upgrade.
And in the example of a home WiFi router, the vendor typically needs to upgrade the software, then the service provider has to push that out to devices… which can all take a while.
A group of us looking to expand the use of elliptic curve cryptography in DNSSEC wrote an Internet Draft recording our observations on deploying new crypto algorithms. Updating the root KSK as a trust anchor faces a similar set of issues – although a bit easier because the focus is primarily on all the DNS resolvers performing DNSSEC validation.
The critical point is – upgrading the global DNS infrastructure can take some time. ICANN and members of the DNSSEC community (including us here at the Internet Society) have been working on this for several years now, but clearly the new data indicates there is still work to do.
Next Steps
The good news is that companies now have more time to ensure that their systems will work with the new key. The new Root KSK is published in the global DNS, so that step has at least been done. More information is available on ICANN’s site:
I would recommend two specific pages:
- Checking the Current Trust Anchors in DNS Validating Resolvers – instructions for how to check IF your resolver is performing DNSSEC validation, and, if so, how to ensure it is updated for the new key.
- Automated Trust Anchor Update Testbed – a system you can use to test if your resolvers will automatically roll over to use the new KSK.
The time to do this is NOW to be ready for the Root KSK Roll when it does happen.
For more information about DNSSEC in general, please see our Deploy360 DNSSEC page.
Image credit: Lindsey Turner on Flickr. CC BY 2.0
P.S. And no, that is NOT what the “Root key” looks like!
The post ICANN Postpones DNSSEC Root KSK Rollover – October 11 will NOT be the big day appeared first on Internet Society.
Sep 25
For Immediate Release #106: Toot Your Own Horn
Melissa Agnes and Dave Fleet joined host Shel Holtz for conversations about these topics:
- The FTC reached a settlement with social media influencers who failed to disclose their relationship with the brand that paid them, sending a signal that the regulator will no longer confine its actions to the brands.
- Some content creators have seen their advertising revenues plummet in the wake of YouTube’s use of Artificial Intelligence to prevent advertising from being injected into potentially offensive content. Most of them aren’t producing offensive content.
- The New York Yankees’ response to a young girl in the stands who was injured by a line-drive foul ball was terrible.
- Brands have been communicating their efforts to assist in relief efforts after Hurricanes Harvey, Irma, and Maria. One PR commentator thinks they should just keep their mouths closed.
- Equifax doesn’t seem capable of taking a single right step in its post-breach communication. Now, the U.S. Securities and Exchange Commission has disclosed a breach of its own with a lengthy, bureaucratic statement. Is the public being desensitized to data breaches that can harm them?
Connect with our guests via Twitter at @Melissa_Agnes and @DaveFleet.
Links to the source material for this episode are on Contentle.
Special thanks to Jay Moonah for the opening and closing music.
FIR is recorded with Zencastr.
About today’s guest co-hosts:
Melissa Agnes is a founding partner of Agnes+Day, a crisis intelligence firm. Melissa, a crisis management consultant and keynote speaker, has developed an international reputation for crisis management, planning and training by helping large global brands prevent and manage a wide range of corporate issues and crises. Her client list includes government agencies, cities and municipalities, healthcare organizations, energy companies, global non-profits, financial organizations, the public and private sectors and many others. Melissa is an international and sought-after keynote speaker and guest lecturer.
Dave Fleet is Executive Vice President and National Practice Lead, Digital, in Edelman’s Toronto office. An award-winning communications professional with both public and private-sector experience, Dave is responsible for developing and implementing digital engagement strategies for some of the world’s best-known brands across consumer, corporate, technology, corporate and public affairs verticals. Before joining Edelman, Dave launched and built the digital communications practice at Thornley Fallis. Before that, he spent five years working in the public sector in progressive strategic communications positions. In 2008, Dave was presented with the Amethyst Award, the highest award available to Ontario public service staff.
The post FIR #106: Toot Your Own Horn appeared first on FIR Podcast Network.
Sep 23
TDYR 333 – Returning Into The Light
Sep 18
Watch the Internet Hall of Fame (IHOF) Awards Tonight From L.A.
Who will be inducted into the 2017 Internet Hall of Fame? Who will be recognized for their contributions to the Internet? Find out today at 5:30pm PDT (00:30 UTC) through live video streams. There are multiple options to watch:
The IHOF award ceremony will be recorded and available for later viewing on Livestream, YouTube and Facebook.
Additionally, there is a live transcription service:
You can also follow IHOF activity on Twitter via the @Internet_HOF account and #IHOF2017 hashtag.
The IHOF awards ceremony begins 24 hours of our InterCommunity 2017 event. View the ICOMM 2017 schedule to see what will be happening over the time.
The post Watch the Internet Hall of Fame (IHOF) Awards Tonight From L.A. appeared first on Internet Society.
Sep 18
For Immediate Release #105: Center Stage for Credible Sources
Neville and Shel got together for the September edition of The Hobson & Holtz Report to talk about these topics:
- The self-inflicted downfall of the UK PR agency, Bell Pottinger (and kudos to the PRCA for putting teeth in its ethics code)
- How various fields will be affected by speech recognition (including PR and communications)
- Mitch Joel’s open letter to the advertising industry: Let’s not mess up ads for voice
- The proliferation of fake scientific journals (and what it means for the PR industry)
- The Pew Research Center has identified five “types” of people who search for facts and information, with implications for content marketing
- Are Americanisms killing British English (and does it matter)?
- In his Tech Report, Dan York explains why “Gutenberg,” the WordPress editor, may take longer than expected to appear. Dan also talks about the launch of the new Internet Society website.
Connect with Neville on Twitter at @jangles.
Links to the source material for this episode are on Contentle.
Special thanks to Jay Moonah for the opening and closing music.
About Neville Hobson:
Neville Hobson was co-host of The Hobson & Holtz Report for over 10 years. For over 15 years, Neville has been a voice of experience and influence when it comes to speaking about digital technologies, disruptive change in workplaces and marketplaces, relevant trends to pay close attention to, and what it all means for your business. His experiences embrace deep understanding and subject-matter expertise in contemporary business issues that include social, digital and cognitive technologies, connecting that with a career in traditional public relations, marketing communication, employee, compensation and benefits communication, and investor relations. Based in the Thames Valley some 30 miles west of London, Neville works either from his home office, or from a client’s location; or from wherever he has a good network connection.
The post FIR #105: Center Stage for Credible Sources appeared first on FIR Podcast Network.
Sep 17
WATCH LIVE: the “25 under 25” Award Ceremony, Monday, 18 September, at 9:00am PDT
Want to learn more about our “25 Under 25” award recipients? How are they using the Internet to change the communities in which they live? On Monday, September 18, 2017, at 9:00am US Pacific (16:00 UTC), you will have the chance to learn about the amazing work they are doing. The awards ceremony will be streaming live out of Los Angeles on both Livestream.com and Facebook. You can watch at:
(live video stream will appear there)
22 of the awardees will be in L.A. to receive their awards. (Three were denied visas.) One of the initiatives supporting the Internet Society’s 25th Anniversary, the program recognizes 25 young people from around the globe who are passionate about using the Internet to make a positive impact in their communities and the world.
Representing 19 countries on five continents, the 25 Under 25 awardees’ initiatives include creating an anti-cyberbullying youth movement in Australia, providing e-health education to teens in Tanzania, and using ICTs to break the cycle of poverty for families in Costa Rica.
Join us to be inspired in how these young people are working to #ShapeTomorrow!
P.S. The award ceremony will be recorded if you are not able to watch it live.
The post WATCH LIVE: the “25 under 25” Award Ceremony, Monday, 18 September, at 9:00am PDT appeared first on Internet Society.
Sep 11
For Immediate Release #104: Two Versions of Three H’s
Paul Barton and Sean Williams joined host Shel Holtz for conversations about these topics:
- Paul recalls how PetSmart, where he worked at the time, reacted to the Sept. 11 terrorist attacks.
- Since 9/11, have companies gotten any better at communicating with employees during crises or emergencies?
- Its acquisition of Rockwell Collins gives United Technologies an opportunity to do well what many other companies don’t: communicate with employees the change they’ll experience as a result of the merger.
- Equifax has done a terrible job of communicating its data breach even if it has checked off all the boxes. (And we haven’t heard a thing about how they’re communicating to employees.)
- Executives and HR managers agree that a strong culture is important. Leaders think they already have one. HR managers aren’t so sure.
- All collaboration is communication, but not all communication is collaboration. Yet too many collaboration tools are being used as if they’re for more general communication.
- Tech correspondent Dan York has a question for listeners: What are you using for editorial calendars for WordPress sites?
- A listener asks if it’s possible to set up a Facebook Live session exclusively for people who pay to watch it.
Connect with our guests via Twitter at @PaulBartonABC and @CommAMMO.
Links to the source material for this episode are on Contentle.
Special thanks to Jay Moonah for the opening and closing music.
About today’s guest co-hosts:
Paul Barton, ABC, is a business communications consultant who combines fresh thinking with decades of experience. Before beginning his solo practice as Principal Consultant at Paul Barton Communications and Phoenix Public Speaking, he had a successful 20-year career leading internal communications at six fast-growing Fortune 500 companies in multiple industries. Those experiences led him to write the book Maximizing Internal Communication. Paul is a long-time and accredited member of the International Association of Business Communicators (IABC), and he is a frequent workshop presenter on internal communication, crisis communication, and public speaking. Paul also is a “serial adjunct-preneur,” teaching courses in business communication and public speaking at several colleges in the Phoenix area. When not working, you can find Paul enjoying life with his family and playing guitar.
Sean Williams is Vice President and Practice Lead, Education and Internal Communications, at True Digital Communications. Before joining True Digital, Sean was the owner of Communication AMMO, Inc. Williams has held executive communication posts at National City Bank, KeyCorp and The Goodyear Tire & Rubber Company. He also provides managerial communication training through Face2Face Communication, which he acquired from Joe Williams Communications in 2015. Earlier in his career, Williams was senior consultant for Williams, where he expanded the strategic planning, research, and consulting practices, and led and refined the Face2Face program with companies including First Energy Corp., KeyCorp, the Federal Reserve Bank of Cleveland, Merck, Millennium Pharmaceuticals, Prudential and Lucent, training literally thousands of managers in the innovative and highly rated program. He also is an adjunct professor of Public Relations at Kent State University, and has created graduate classes in PR Measurement/ROI and social media measurement for Kent and another university.
The post FIR #104: Two Versions of Three H’s appeared first on FIR Podcast Network.
Sep 04
For Immediate Release #103: #Happy #Birthday, #Hashtag
Marshall Kirkpatrick and Augie Ray joined host Shel Holtz for conversations about these topics:
- The hashtag just celebrated its 10th birthday. Is it a curiosity or an important feature of the digital environment?
- A study finds people who get business communication featuring emojis don’t think positive things about the person who sent it. Is there a place for emojis in business communication?
- Microsoft-based VR headsets are about to hit the market at lower price points than the competition, potentially propelling Virtual Reality into the mainstream…or not.
- Facebook Page reach has declined 20% in 2017. Why are we still talking about this?
- Influencer marketing may be an oversold magic bullet. But there’s a subtle distinction between influencer marketing and influencer engagement.
- In his Tech Report, Dan York discussed the impending change of the WordPress editor to a new “block-style” editor called “Gutenberg.”
Connect with our guests via Twitter at @MarshallK and @AugieRay.
Links to the source material for this episode are on Contentle.
Special thanks to Jay Moonah for the opening and closing music.
FIR is recorded using Zencastr.
About today’s guest co-hosts:
After a successful career blazing trails in new media as one of the top tech bloggers in the world (first-hired writer at TechCrunch, co-editor of ReadWriteWeb), Marshall Kirkpatrick led the Little Bird team building software for enterprise marketers to do research, real-time market intelligence and marketing amplification. The tool for influencer marketing, content marketing, and research was recently acquired by Sprinklr, the full-service social media management system, where Marshall now serves as product director for Influencer Marketing and Research.
Augie Ray is a Research Director covering customer experience for marketing leaders at Gartner. He has had a diverse career, including leading a digital experiential agency, directing social business at USAA and managing a global customer experience team at American Express. In his present role, Augie researches and advises clients on topics such as Voice of Customer, customer journey mapping, customer experience strategy and virtual reality.
The post FIR #103: #Happy #Birthday, #Hashtag appeared first on FIR Podcast Network.
Aug 29
Testing writing a post with Gutenberg
Pretty cool! But much more to experiment with. Testing a bit more. More testing.