Category: About Deploy360

Mar 06

WATCH LIVE Today – DNSSEC For Everybody: A Beginner’s Guide, from ICANN 55

ICANN 55 entrance

Want to learn about DNSSEC and how it helps add a layer of trust to DNS? Puzzled by how this all works?   If so, please join us today from 16:45 to 18:15 UTC for “DNSSEC for Everybody: A Beginner’s Guide” streaming live out of Marrakech, Morocco, in both audio and video on links found off of this page:

https://meetings.icann.org/en/marrakech55/schedule/sun-dnssec-everybody

(The video and slides are provided via the “Virtual Meeting Room Stream Live” link.)

The session consists of an introduction and then a skit where a group of us act out DNS operations – and then add DNSSEC into the picture.

Yes… you heard that right… a bunch of engineers acting out a skit about DNS!   :-)

Hey… you might as well have a bit of fun with it, eh?  And our history has told us that this skit has helped people tremendously in understanding DNS and DNSSEC.  We also have some other technical information and usually spend about half the session answering questions from participants.

Please do join us!

This tutorial today is part of a larger set of DNSSEC activities planned for this week.  As the session abstract says:

DNSSEC continues to be deployed around the world at an ever accelerating pace. From the Root, to both Generic Top Level Domains (gTLDs) and Country Code Top Level Domains (ccTLDs), the push is on to deploy DNSSEC to every corner of the internet. Businesses and ISPs are building their deployment plans too and interesting opportunities are opening up for all as the rollout continues.

Worried that you’re getting left behind? Don’t really understand DNSSEC? Then why not come along to the second ‘DNSSEC for Beginners’ session where we hope to demystify DNSSEC and show how you can easily and quickly deploy DNSSEC into your business. Come and find out how it all works, what tools you can use to help and meet the community that can help you plan and implement DNSSEC.

The session is aimed at everyone, so no technical knowledge is required. Come and find out what it’s all about…!

If you can’t view it live the session will be recorded for later viewing.  And if you want to get started today with DNSSEC, please see our Start Here page to begin!

 

Oct 30

Videos And Slides Available From ICANN 54 DNSSEC Workshop

ICANN 54 logoIf you are interested in learning more about the current state of DNSSEC and DANE technologies, tools and deployment, the slides and videos are now available from the ICANN 54 DNSSEC activities that happened this month in Dublin, Ireland.

The first session was the “DNSSEC For Everybody: A Beginner’s Guide” that includes a skit where DNS and DNSSEC interactions are acted out.  It may or may not win a Tony award… but it was fun to do and people have generally told us that it helps them understand DNS and DNSSEC. The basic page for the DNSSEC For Everybody session that includes the slides and handout can be found at:

https://meetings.icann.org/en/dublin54/schedule/mon-dnssec-everybody

The video recording is available online and is embedded here:

The second session was the 6-hour DNSSEC Workshop on Wednesday, 21 October 2015.  You can see the agenda and download all the slides at:

https://meetings.icann.org/en/dublin54/schedule/wed-dnssec

The session was recorded in two video segments due to the lunch break:

There were some great discussions about DNSSEC deployment around Europe, around challenges getting ISPs to start validating, about new mechanisms to automate DNSSEC signing – and a lengthy session at the end about using DNSSEC and DANE to secure email, complete with some live demos that sadly didn’t work out so well.  (But hey, we appreciated the speakers’ trying live demos!)

Morning session:

Afternoon session:

Thank you to all involved for what turned out to be a great day of interesting sessions!

Watch for the Call for Presentations for ICANN 55 in Marakech – coming soon!

And if you want to get started with DNSSEC and DANE now, please visit our Start Here page to begin.

Oct 21

Watch Live Today – DNSSEC Workshop at ICANN54

ICANN 54 logoDo you want to learn more about DNSSEC in Europe?  Do you want to know about how DANE can add security to TLS?  Curious how DNSSEC and DANE can secure email?

To learn more on all of these topics, you can listen and watch live today (21 Oct 2015) from 9:00 – 15:15 Irish Standard Time (UTC+1).

You can find all the slides and live audio at:

https://meetings.icann.org/en/dublin54/schedule/wed-dnssec

There is a “virtual meeting room” there that will combine the slides, audio and chat.  For live video, you can watch on YouTube at:

The agenda is currently:

0900-0915 – DNSSEC Workshop Introduction, Program, Deployment Around the World – Counts, Counts, Counts

  • Dan York, Internet Society
0915-1045 – Panel Discussion: DNSSEC Activities in the European Region

  • Moderator: Russ Mundy, Parsons
  • Panelists:
    • Ondrej Filip, CZNIC
    • Billy Glynn, Consultant
    • Cristian Hesselman, SIDN
    • Peter Koch, DENIC
    • Vincent Levigneron, AFNIC
    • Peter Janssen, EURid
    • Sara Monteiro, .PT
    • Roland van Rijswijk, Surfnet – Making the Case for Elliptic Curves in DNSSEC
1045-1100 – Break
1100-1215 – Panel Discussion: DNSSEC On The Edge

  • Moderator: Jacques Latour, CIRA
  • Panelists:
    • Joe Abley, Dyn – Registrar Signing Services
    • Ólafur Guðmundsson, CloudFlare – DNSSEC Signing at Scale on the Edge
    • Jacques Latour, CIRA — DNSSEC DS Auto Provisioning (DSAP)
1215-1230 – Great DNS/DNSSEC Quiz

  • Paul Wouters, Fedora
1230-1315 – Lunch Break
1315-1430 – Demonstrations and Presentations: DNSSEC and Applications

  • Moderator: Dan York, Internet Society
  • Panelists:
    • Sara Dickinson, Sinodun — DNSSEC for Legacy Applications
    • Wes Hardaker, Parsons – DNSSEC/DANE Demonstration
    • Richard Lamb, ICANN – Outlook and SMIME/DNSSEC Demonstration
    • Paul Wouters, Fedora – Protocols and Applications to Add an Additional Security Layer
1430-1500 – Presentation: Stimulating DNSSEC Validation for .NL

  • Cristian Hesselman, SIDN/SIDN Labs
1500-1515 – Presentation: DNSSEC – How Can I Help?

  • Russ Mundy, Parsons and Dan York, Internet Society

All the sessions will be recorded so you will be able to go back and listen to what is being discussed today.

And … if you want to get started with DNSSEC and DANE, please visit our Start Here page to find resources that can help!

Jul 06

Join InterCommunity 2015 on July 7/8 to talk about Internet security!

InterCommunity 2015 logoThis week you have a unique opportunity to offer your opinion on how we can make the Internet more secure!  On July 7 and 8 our global Internet Society membership meeting, InterCommunity 2015, will bring together thousands of people all around the world to address critical questions around the future of the Internet – how it is governed, how it is secured and how we bring the rest of the world online.  YOU CAN JOIN IN DIRECTLY by going to this site to register:

https://www.internetsociety.org/intercommunity2015/

You can join in from your computer or mobile device in your home, at your office or wherever you can get connectivity.

This is a global meeting happening ON the Internet – and FOR the Internet!

In some cities across the world we will have “regional nodes” where people will be gathering together in a location to join into conversations with each other – and then to join into the global conversation.  You are welcome to gather in one of those locations… or to join in from wherever you are.  There are opportunities to connect in and have your voice heard from wherever you can connect.

As you can see on the InterCommunity agenda, the meeting will be running twice to bring in everyone around the world and will have different people and different segments.  The goal is to bring all our members together, to exchange views and to come together to use our collective strength to address these critical issues and bring about a stronger and more secure Internet.

Please READ THIS POST from Internet Society President and CEO Kathy Brown for more information!

I’ll actually be in Ottawa, Ontario, Canada, at the regional node there where I’ll be leading part of the global conversation about collaborative security and how we can all work together to make the Internet more secure.  If you are there in Ottawa, I look forward to meeting you face-to-face.  If you are online, I look forward to interacting with you.  The topics we cover here on Deploy360 are all about making the Internet more secure and accessible… all key themes here in InterCommunity 2015!

Please join with us!  It’s gonna be great!

P.S. What?  You aren’t a member of the Internet Society?  No worries… it’s free to join and become a member!

Mar 26

Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security

IETF 92 - Kathleen MoriartyThis  fourth day of IETF 92 has a heavy focus on security for us on the Deploy360 team.  While the day starts with the second of two IPv6 Operations (v6OPS) working group sessions, the rest of the day is pretty much all about security, security, security!

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, the second IPv6 Operations (v6OPS) sessions continues with their busy agenda in the Gold Room. Here are today’s topics:

A number of those should generate good discussion.

Meanwhile, over in the Oak Room, the TLS Working Group will be discussing improvements to this incredibly critical protocol that we are using to encrypt so many different communications over the Internet.  As my colleague Karen O’Donahue wrote:

The tls (Transport Layer Security) working group is actively working on an update to the TLS protocol. They recently conducted an interim meeting in Seattle, WA, on 10-11 March 2015. Agenda items for IETF 92 include backwards compatibility, rekeying, and client authentication.

After lunch the 1300-1500 CDT block has the Security Area Open Meeting in the International Room. The current agenda is this:

  • Joe Bonneau/HSTS and HPKP in practice (30 mins)
  • Adam Langley/QUIC (15 mins)
  • Jan Včelák/NSEC5 (10 mins)
  • Ladar Levinson/Darkmail (20 mins)
  • Paul Wouters/Opportunistic IPsec update (1 minute)
  • Eric Rescorla/Secure Conferencing (5 mins)

Several of these presentations tie directly into the work we are doing here.  The HSTS/HPKP is “certificate pinning” and very relevant to TLS, as is the QUIC presentation.  The NSEC5 is a new proposal for DNSSEC that, judging by the mailing list traffic, should get strong debate.

The 1520-1720 CDT block doesn’t contain any of the working groups we usually track, but there will be both a Routing Area Open Meeting as well as an Operations Area Open Meeting.

In the final 1740-1840 CDT block the Operational Security (OPSec) Working Group will be meeting in the Far East Room with a number of IPv6 and routing issues on their agenda.

Bits-and-Bites

The day will end with the Bits-and-Bites reception from 1900-2100 CDT  where attendees can get food and drink and also see various exhibits from sponsors and other organizations.  As I wrote in my Rough Guide post:

 I’m told that one table will be from Verisign Labs where they will be showing demonstrations of the getdns API being used with DNSSEC and DANE.  I’m not exactly sure what will be there, but if you are going to Bits-and-Bites you may want to stop by their table and see what it is about.

I understand there may be some cool demos from other vendors and groups as well. (I’m looking forward to seeing photos!)

For some more background, please read these Rough Guide posts from Andrei, Phil and Karen:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo from Jari Arkko of Kathleen Moriarty and Lisandro Granville at the IETF 92 Administrative Plenary

The post Deploy360@IETF92, Day 4: More IPv6 Operations, TLS, and much Security appeared first on Internet Society.

Mar 23

Dan York Changing His Role With Deploy360

Dan YorkCh..ch…changes…  I just wanted to give readers a bit of a heads up that some things are changing within this Deploy360 site… and some things are staying the same.

At the beginning of March I moved from the Deployment and Operationalization (DO) Team over into the Internet Society Communications team to expand the writing and content creation I’ve been doing about technology here on Deploy360 to also cover topics in our public policy and development areas.  At an Internet Society all-staff retreat last fall we identified that “telling our story better” overall was a critical objective for the organization.  Ever since we began what became the Deploy360 Programme back in late 2011, I’ve been here telling the stories about how we need to deploy key technologies such as IPv6, DNSSEC, TLS and more in order to make the Internet work better, faster and be more secure.  Now I’m just expanding the range of stories I’ll be telling – and working on our overall “content strategy” as an organization to become more effective with what we publish.

I won’t be leaving this Deploy360 site, though.  While most of my new role is focused on the communications aspects, a significant part is still in the technology realm focused on accelerating the deployment of DNSSEC.  I will still be writing here about DNSSEC – and I will still be leading our “DNSSEC Coordination” work to bring people together around the globe to help make DNSSEC deployment ubiquitous.

You just may not see me writing here quite as often about IPv6, TLS, Securing BGP, Anti-Spoofing and other topics.  Other voices will be writing here telling those stories although I may certainly contribute from time to time.

To that end, we are hiring someone to replace me within the DO Team, although we’ve changed the role a bit to focus less on creating new content and more on facilitating the creation of content by others.  A job description has been posted – and Chris has a post out with more details.

It has been an incredible opportunity to work with the DO team over the past 3.5 years to build out this Deploy360 site and resources.  Megan, Jan and Chris are all awesome people to work with (as was Richard Jimmerson before) – and I look forward to continuing to work with them in my new role.

Thanks to all of you who read all the posts and pages I’ve made over the past 3.5 years and used them, criticized them, commented on them and shared them.  Together I think we’ve done a great bit to make the Internet work better!

P.S. Those of you who really want to know more about what I’ll be doing in my new role can read my post on one of my personal sites.

The post Dan York Changing His Role With Deploy360 appeared first on Internet Society.

Mar 23

Dan York Changing His Role With Deploy360

Dan YorkCh..ch…changes…  I just wanted to give readers a bit of a heads up that some things are changing within this Deploy360 site… and some things are staying the same.

At the beginning of March I moved from the Deployment and Operationalization (DO) Team over into the Internet Society Communications team to expand the writing and content creation I’ve been doing about technology here on Deploy360 to also cover topics in our public policy and development areas.  At an Internet Society all-staff retreat last fall we identified that “telling our story better” overall was a critical objective for the organization.  Ever since we began what became the Deploy360 Programme back in late 2011, I’ve been here telling the stories about how we need to deploy key technologies such as IPv6, DNSSEC, TLS and more in order to make the Internet work better, faster and be more secure.  Now I’m just expanding the range of stories I’ll be telling – and working on our overall “content strategy” as an organization to become more effective with what we publish.

I won’t be leaving this Deploy360 site, though.  While most of my new role is focused on the communications aspects, a significant part is still in the technology realm focused on accelerating the deployment of DNSSEC.  I will still be writing here about DNSSEC – and I will still be leading our “DNSSEC Coordination” work to bring people together around the globe to help make DNSSEC deployment ubiquitous.

You just may not see me writing here quite as often about IPv6, TLS, Securing BGP, Anti-Spoofing and other topics.  Other voices will be writing here telling those stories although I may certainly contribute from time to time.

To that end, we are hiring someone to replace me within the DO Team, although we’ve changed the role a bit to focus less on creating new content and more on facilitating the creation of content by others.  A job description has been posted – and Chris has a post out with more details.

It has been an incredible opportunity to work with the DO team over the past 3.5 years to build out this Deploy360 site and resources.  Megan, Jan and Chris are all awesome people to work with (as was Richard Jimmerson before) – and I look forward to continuing to work with them in my new role.

Thanks to all of you who read all the posts and pages I’ve made over the past 3.5 years and used them, criticized them, commented on them and shared them.  Together I think we’ve done a great bit to make the Internet work better!

P.S. Those of you who really want to know more about what I’ll be doing in my new role can read my post on one of my personal sites.

 

Mar 23

Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA

ROW workshop at IETF 92On this first day of IETF 92 in Dallas, our attention as the Deploy360 team is on securing the Internet’s routing infrastructure, improving the IPv6 protocol and securing the privacy and confidentiality of DNS queries.

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

The day begins with two sessions in the 0900-1130 CDT block.  In the Parisian room the SIDR working group will be working through a good number of Internet Drafts relating to both RPKI and BGPSEC.  Both of these are some of the tools we view as important in securing BPG and making the routing infrastructure more resilient and secure.  Our colleague Andrei Robachevsky dived into more detail in his recent Rough Guide post.  Also on the agenda is the release of results about a survey about RPKI and DNSSEC deployment undertaken last fall by researchers at the Freie Universitaet Berlin which could be interesting to learn about.

At the same time over in the International Room, the 6MAN working group has a long agenda relating to various points discovered during the ongoing deployment of IPv6.   Given that we keep seeing solid growth each month in IPv6 deployment measurements, it’s not surprising that we’d see documents brought forward identifying ways in which the IPv6 protocol needs to evolve.  This is great to see and will only help the ongoing deployment.

Moving on to the 1300-1500 CDT session block, there are two working groups that are not ones we primarily follow, but are still related to the overall themes here on the site:

  • the TRANS working group is looking to standardize “Certificate Transparency” (CT), a mechanism to add a layer of checking to TLS certificates;
  • the DNSSD working group continues its work to standardize DNS-based service discovery beyond a simple single network.  Our interest here is really that this kind of service discovery does need to be secured in some manner.

In the 1520-1650 CDT session block, a big focus for us will be the newer DPRIVE working group that is looking into mechanisms to make DNS queries more secure and confidential.  As I wrote in my Rough Guide post, a concern is to make it harder for pervasive monitoring to occur and be able to track what a user is doing through DNS queries.  DPRIVE has a full agenda, and knowing some of the personalities I expect the debate to be passionate.

Simultaneously, over in the Parisian Room, the Using TLS In Applications (UTA) working group will continue it’s work to make it easier for developers to add TLS to applications.  The UTA agenda at IETF 92 shows a focus on one mechanism for email privacy.

After all of this, we’ll be heading to the Technical Plenary from 1710-1910 CDT where the technical topic is on “Smart Object Architecture” which sounds interesting.  You can watch a live video stream of the Technical Plenary at http://www.ietf.org/live/

For some more background, please read these Rough Guide posts from Andrei, Phil, Karen and myself:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann.  And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Chris Grundemann of the ROW workshop on the Sunday prior to IETF 92.

The post Deploy360@IETF92, Day 1: SIDR, 6MAN, DPRIVE and UTA appeared first on Internet Society.

Mar 17

FYI – New Mobile Web Interface For Deploy360 Site

Deploy360 Mobile InterfaceJust a quick administrative update about this Deploy360 site.  If you are browsing this site using a smartphone such as an iPhone or Android device you will notice that as of yesterday your user experience has been changed to be more “mobile-friendly”.  Whether it is a topic such as IPv6 or DNSSEC or  a page like our Start Here page or news from our Deploy360 blog, you will now see the text in a more readable form.

This is part of our long-standing commitment to make our information as accessible as possible to all visitors regardless of platform.  Making the site mobile-friendly has been a task I’ve wanted to make happen for quite a long time, but the change this week was admittedly driven by the fact that Google has indicated that effective on April 21, 2015, they will use the “mobile-friendly” status of a site as a ranking factor in returning search results on mobile devices.   We want to be ready for that change by Google so that our pages do appear ranked as highly as possible in mobile search results.

I mention this because we still may be tweaking the mobile user experience over the next days and weeks.  For example, I’d like to have an easier menu for mobile users and so we may be changing that.  The current mechanism we use for the mobile interface does not change the display for tablets such as the iPad or Android tablets – and we’re evaluating whether that matters or not.

So if you are browsing from a smart phone and see some changes… don’t be surprised!  Our goal is to provide you with the best possible user experience – and we will be working on that.

P.S. If you have comments about the mobile user experience for this site, please do feel free to leave the comments here on this post or anywhere on social media where we post the link.  Thanks!

Feb 02

Two Great Articles In ArsTechnica And Light Reading About ION Conferences, IPv6, DNSSEC

Ars Technica articleWe were pleased to see two great articles out today about our ION Conferences and our efforts to accelerate the deployment of IPv6 and DNSSEC.  The articles followed on our news release about the 2015 ION conferences and were:

and

Both articles do a great job of explaining what we’re trying to do.  I enjoyed that both writers liked the “broccoli” angle. Here was  Carol Wilson:

“It’s a little like getting people to eat their broccoli,” Grunderman admits. Network operators can’t charge more for services after deploying these standards, but their deployment makes the entire Internet experience better for everyone by adding security and resiliency.

Exactly!

Many thanks to both writers for taking the time to understand what we are doing and to write about it on their respective sites.

And if you would like to get started with IPv6 or DNSSEC, please visit our Start Here page to begin!