Category: CIRA

CIRA Makes DNSSEC Available For .CA Through Registrars

CIRA logoGreat news today for our friends up north in Canada – they can now sign their .CA domains with DNSSEC! As the Canadian Internet Registration Authority (CIRA) said in a news release yesterday, they are making the Internet safer for all Canadians and noted:

DNSSEC builds a “chain of trust” between users and the websites they wish to visit. It helps counter malicious online activities such as DNS spoofing and man-in-the-middle (MITM) attacks. These fraudulent activities are usually intended to capture personal information, such as bank account logins.

Perhaps even more importantly, DNSSEC will now let people with .CA domains use innovative new protocols like DANE to add a layer of trust to TLS/SSL certificates used for ecommerce and secure access to websites.

CIRA also rolled out an updated FAQ page on DNSSEC (thanks, CIRA, for the link to our work here!) and already has three registrars/DNS hosting providers who will offer DNSSEC-secured .CA domain names.

You may recall that CIRA first made DNSSEC available for .CA domains back in early 2013. However, it was still a manual process to get your signed .CA domain linked in to the global “chain of trust” for DNSSEC.  With this announcement yesterday CIRA has now removed that manual process and made it easy for registrars to upload the necessary DS records. Now they just need more of the .CA registrars to support DNSSEC. (See our page about DNSSEC and registrars for an overview of the process.)

Congrats to the team at CIRA for making this happen!

P.S. If you want to get started with making our domain more secure, visit our “Start Here” pages to learn more about DNSSEC.

CIRA / .CA Launches DNSSEC Info Center and Draft DNSSEC Practice Statement

CIRAlogoDNSSEC is coming soon to the .CA domain! The Canadian Internet Registration Authority (CIRA) recently announced a draft of their “DNSSEC Practice Statement” (DPS) that provides details around how they will be deploying and managing DNSSEC for the .CA domain. They are seeking comment on the DPS – and are also launching a “DNSSEC Knowledge Center” at:

http://cira.ca/knowledge-centre/technology/dnssec

The draft DPS is available on that site as is a useful DNSSEC FAQ.

All of this is in preparation for CIRA’s plans to sign the .CA zone in 2012 and to start signing .CA second-level domains in 2013.

It’s great to see this step from CIRA and we encourage all those interested to take a look at their DPS and send in any comments you may have.

If you are interested in learning more about CIRA’s activities, Jacques Latour spoke at our Toronto ION event in November and we published the video where he spoke about what CIRA is doing with both IPv6 and DNSSEC: