Category: DNSSEC

Watch DNS-OARC Live This Weekend For DNSSEC, DANE, DNS Privacy and more

DNS-OARC logoThis weekend in Montreal the OARC Fall 2015 Workshop will take place filled with all sorts of excellent talks about DNSSEC, DANE, DNS privacy, DNS performance and much, much more.  The best part is that if you can’t get there in person, you can watch the live video stream on YouTube at:

https://plus.google.com/+DnsoarcNetPlus/

All the sessions will also be recorded for later viewing. The sessions most interesting to remote viewers start at 14:00 US EDT (UTC-4) on Saturday, October 3, 2015, and include these:

  • An Overview of DNS Privacy Mechanisms
  • Using TLS for DNS privacy in practice
  • Next Steps in DANE Adoption
  • Benchmarking of authoritative DNS servers and DNSSEC impact assessment

Sunday morning (October 4) brings a whole set of “DNS security” talks related to DDoS attacks and attacks against DNS servers.  There are performance-related talks, detailed research sessions, and a whole set of talks related to DNS resolvers, including an exploration of IPv6 vs IPv4 performance.

There were so many interesting proposals to DNS-OARC this time that some of them occupy the Monday DNS Track inside of NANOG 65.  Again there look to be some great DNSSEC topics including a session about the KSK Key Rollover. (One note: I’m not sure if the live stream on Monday will still be on the DNS-OARC YouTube channel – the NANOG agenda only says it will be “recorded”.)

All in all it looks to be a great event!  Due to a personal scheduling conflict, I won’t be there in person… but I intend to watch a few of the sessions, either live or later.

And if you want to get started NOW with deploying DNSSEC, please visit our Start Here page to learn more!

Events Calendar for DNSSEC / DANE Activities Now Available

Every month on our DNSSEC Coordination calls (1st Thursday of the month) we go over the upcoming activities we know about that are related to DNSSEC and / or DANE.  Now I’ve made that event information available in an events calendar on the DNSSEC Deployment site at:

https://www.dnssec-deployment.org/events/

and in a calendar view at:

https://www.dnssec-deployment.org/calendar/

Our intent is to help spread the word and connect more people to the events happening within the DNSSEC community.

IF YOU HAVE AN EVENT YOU WOULD LIKE INCLUDED, please simply email me at york@isoc.org.

Comments are welcome about the calendar and event listing.   For those curious, I’m using the Ajax Event Calendar plugin for WordPress.

DNSSEC Event Calendar

Congratulations to Uruguay on signing .UY with DNSSEC!

map of South America

Last week Uruguay became the latest country to sign their country-code top-level domain (ccTLD) with DNSSEC!  With that change, the DNSSEC deployment map for the Latin American region gets just that much greener.  And now, everyone using a .UY domain will potentially be able to benefit from the increased security and trust provided by DNSSEC – and also to make use of newer innovations such as DANE.  I say “potentially” only because having the TLD signed is just the first step in the process of signing your domain – you still need your domain name registrar and your DNS hosting provider (which might be your registrar) to support DNSSEC.  However, this is a great step forward for Uruguay and shows the continued deployment of DNSSEC around the world.

Congrats to the team at Servicio Central de Informatica (SECIU) who made this happen!

If you would like to learn about how you can secure your domain with DNSSEC (whether you are in Uruguay or anywhere else in the world), please visit our Start Here page to begin…

Call for Participation – DNSSEC Workshop at ICANN 54 in Dublin, Ireland

ICANN 54 DublinThe DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), are planning a DNSSEC Workshop at the ICANN 54 meeting on 21 October in Dublin, Ireland. The DNSSEC Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments. For reference, the most recent session was held at the ICANN meeting in Buenos Aires, Argentina on 24 June 2015. The presentations and transcripts are available at: https://buenosaires53.icann.org/en/schedule/wed-dnssec.

At ICANN 54 we are particularly interested in live demonstrations of uses of DNSSEC or DANE. Examples might include:

  • Email clients and servers using DNSSEC, OPENPGPKEY, or S/MIME for secure email.
  • Tools for automating the generation of DNSSEC/DANE records.
  • Services for monitoring or managing DNSSEC signing or validation.
  • Tools or services for using DNSSEC/DANE along with other existing protocols and services such as SSH, XMPP, SMTP, S/MIME or PGP/GPG.
  • Innovative uses of APIs to do something new and different using DNSSEC/DANE.
  • S/MIME and Microsoft Outlook integration with active directory.

Our interest is to provide current examples of the state of development and to show real-world examples of how DNSSEC and DANE related innovation can be used to increase the overall security of the Internet.

We are open to presentations and demonstrations related to any topic associated with DNSSEC and DANE. Examples of the types of topics we are seeking include:

1. DNSSEC activities in Europe

For this panel we are seeking participation from those who have been involved in DNSSEC deployment in Europe and also from those who have not deployed DNSSEC but who have a keen interest in the challenges and benefits of deployment. In particular, we will consider the following questions: Are you interested in reporting on DNSSEC validation of your ISPs? What can DNSSEC do for you? What doesn’t it do? What are the internal tradeoffs to implementing DNSSEC? What did you learn in your deployment of DNSSEC? We are interested in presentations from both people involved with the signing of domains and people involved with the deployment of DNSSEC-validating DNS resolvers.

2. Potential impacts of Root Key Rollover

Given many concerns about the need to do a Root Key Rollover, we would like to bring together a panel of people who can talk about what the potential impacts may be to ISPs, equipment providers and end users, and also what can be done to potentially mitigate those issues. In particular, we are seeking participation from vendors, ISPs, and the community that will be affected by distribution of new root keys. We would like to be able to offer suggestions out of this panel to the wider technical community. If you have a specific concern about the Root Key Rollover, or believe you have a method or solution to help address impacts, we would like to hear from you.

3. Implementing DNSSEC validation at Internet Service Providers (ISPs)

Internet Service Providers (ISPs) play a critical role by enabling DNSSEC validation for the caching DNS resolvers used by their customers. We have now seen massive rollouts of DNSSEC validation within large North American ISPs and at ISPs around the world. We are interested in presentations on topics such as:

  • Can you describe your experiences with negative Trust Anchors and operational realities?
  • What does an ISP need to do to prepare its network for implementing DNSSEC validation?
  • How does an ISP need to prepare its support staff and technical staff for the rollout of DNSSEC validation?
  • What measurements are available about the degree of DNSSEC validation currently deployed?
  • What tools are available to help an ISP deploy DNSSEC validation?
  • What are the practical server-sizing impacts of enabling DNSSEC validation on ISP DNS Resolvers (ex. cost, memory, CPU, bandwidth, technical support, etc.)?

4. The operational realities of running DNSSEC

Now that DNSSEC has become an operational norm for many registries, registrars, and ISPs, what have we learned about how we manage DNSSEC? What is the best practice around key rollovers? How often do you review your disaster recovery procedures? Is there operational familiarity within your customer support teams? What operational statistics have we gathered about DNSSEC? Are there experiences being documented in the form of best practices, or something similar, for transfer of signed zones?

5. DANE and DNSSEC application automation

For DNSSEC to reach massive deployment levels it is clear that a higher level of automation is required than is currently available. There also is strong interest for DANE usage within web transactions as well as for securing email and Voice-over-IP (VoIP). We are seeking presentations on topics such as:

  • What tools, systems and services are available to help automate DNSSEC key management?
  • Can you provide an analysis of current tools/services and identify gaps?
  • Where are the best opportunities for automation within DNSSEC signing and validation processes?
  • What are the costs and benefits of different approaches to automation?
  • What are some of the new and innovative uses of DANE and other DNSSEC applications in new areas or industries?
  • What tools and services are now available that can support DANE usage?
  • How soon could DANE and other DNSSEC applications become a deployable reality?
  • How can the industry use DANE and other DNSSEC applications as a mechanism for creating a more secure Internet?

We would be particularly interested in any live demonstrations of DNSSEC / DANE application automation and services. For example, a demonstration of the actual process of setting up a site with a certificate stored in a TLSA record that correctly validates would be welcome. Demonstrations of new tools that make the setup of DNSSEC or DANE more automated would also be welcome.

6. When unexpected DNSSEC events occur

What have we learned from some of the operational outages that we have seen over the past 18 months? Are there lessons that we can pass on to those just about to implement DNSSEC? How do you manage dissemination of information about the outage? What have you learned about communications planning? Do you have a route to ISPs and registrars? How do you liaise with your CERT community?

7. DNSSEC and DANE in the enterprise

Enterprises can play a critical role in both providing DNSSEC validation to their internal networks and also through signing of the domains owned by the enterprise. We are seeking presentations from enterprises that have implemented DNSSEC on validation and/or signing processes and can address questions such as:

  • What are the benefits to enterprises of rolling out DNSSEC validation? And how do they do so?
  • What are the challenges to deployment for these organizations and how could DANE and other DNSSEC applications address those challenges?
  • How should an enterprise best prepare its IT staff and network to implement DNSSEC?
  • What tools and systems are available to assist enterprises in the deployment of DNSSEC?
  • How can the DANE protocol be used within an enterprise to bring a higher level of security to transactions using SSL/TLS certificates?

8. Hardware Security Modules (HSMs) use cases and innovation

We are interested in demonstrations of HSMs, presentations of HSM-related innovations and real world use cases of HSMs and key management.

In addition, we welcome suggestions for additional topics.

If you are interested in participating, please send a brief (1-2 sentence) description of your proposed presentation to dnssec-dublin@isoc.org by **Monday, 17 August 2015**

We hope that you can join us.

On behalf of the DNSSEC Workshop Program Committee:
Mark Elkins, DNS/ZACR
Cath Goulding, Nominet UK
Julie Hedlund, ICANN
Jean Robert Hountomey, AfricaCERT
Jacques Latour, .CA
Xiaodong Lee, CNNIC
Luciano Minuchin, NIC.AR
Russ Mundy, Parsons
Ondřej Surý, CZ.NIC
Yoshiro Yoneya, JPRS
Dan York, Internet Society

Call for Participation – DNSSEC Workshop at ICANN 54 in Dublin, Ireland

ICANN 54 logoWould you like to present an idea you have related to DNSSEC or DANE to a gathering of people within the DNSSEC community?  Do you have an idea for a new tool or service? Have you recently implemented DNSSEC or DANE and want to share your story?

If so – and if you will be attending ICANN 54 in Dublin on October 21 – please send a brief 1-2 sentence proposal to:

dnssec-dublin@isoc.org

The deadline is Monday, August 17, so please send your proposal soon!

We are open to proposals on a wide range of topics – the full Call for Participation is included below with suggestions to help, but we are also open to proposals on pretty much any topic related to DNSSEC / DANE / DNS security.


Call For Participation

The DNSSEC Deployment Initiative and the Internet Society Deploy360 Programme, in cooperation with the ICANN Security and Stability Advisory Committee (SSAC), are planning a DNSSEC Workshop at the ICANN 54 meeting on 21 October in Dublin, Ireland.  The DNSSEC Workshop has been a part of ICANN meetings for several years and has provided a forum for both experienced and new people to meet, present and discuss current and future DNSSEC deployments.  For reference, the most recent session was held at the ICANN meeting in Buenos Aires, Argentina on 24 June 2015. The presentations and transcripts are available at: https://buenosaires53.icann.org/en/schedule/wed-dnssec.

At ICANN 54 we are particularly interested in live demonstrations of uses of DNSSEC or DANE.  Examples might include:

  • Email clients and servers using DNSSEC, OPENPGPKEY, or S/MIME for secure email.
  • Tools for automating the generation of DNSSEC/DANE records.
  • Services for monitoring or managing DNSSEC signing or validation.
  • Tools or services for using DNSSEC/DANE along with other existing protocols and services such as SSH, XMPP, SMTP, S/MIME or PGP/GPG.
  • Innovative uses of APIs to do something new and different using DNSSEC/DANE.
  • S/MIME and Microsoft Outlook integration with active directory.

Our interest is to provide current examples of the state of development and to show real-world examples of how DNSSEC and DANE related innovation can be used to increase the overall security of the Internet.

We are open to presentations and demonstrations related to any topic associated with DNSSEC and DANE.  Examples of the types of topics we are seeking include:

1.  DNSSEC activities in Europe

For this panel we are seeking participation from those who have been involved in DNSSEC deployment in Europe and also from those who have not deployed DNSSEC but who have a keen interest in the challenges and benefits of deployment.  In particular, we will consider the following questions:  Are you interested in reporting on DNSSEC validation of your ISPs? What can DNSSEC do for you? What doesn’t it do?  What are the internal tradeoffs to implementing DNSSEC? What did you learn in your deployment of DNSSEC?  We are interested in presentations from both people involved with the signing of domains and people involved with the deployment of DNSSEC-validating DNS resolvers.

2.  Potential impacts of Root Key Rollover

Given many concerns about the need to do a Root Key Rollover, we would like to bring together a panel of people who can talk about what the potential impacts may be to ISPs, equipment providers and end users, and also what can be done to potentially mitigate those issues. In particular, we are seeking participation from vendors, ISPs, and the community that will be affected by distribution of new root keys.  We would like to be able to offer suggestions out of this panel to the wider technical community.  If you have a specific concern about the Root Key Rollover, or believe you have a method or solution to help address impacts, we would like to hear from you.

3.  Implementing DNSSEC validation at Internet Service Providers (ISPs)

Internet Service Providers (ISPs) play a critical role by enabling DNSSEC validation for the caching DNS resolvers used by their customers.  We have now seen massive rollouts of DNSSEC validation within large North American ISPs and at ISPs around the world.  We are interested in presentations on topics such as:

  • Can you describe your experiences with negative Trust Anchors and operational realities?
  • What does an ISP need to do to prepare its network for implementing DNSSEC validation?
  • How does an ISP need to prepare its support staff and technical staff for the rollout of DNSSEC validation?
  • What measurements are available about the degree of DNSSEC validation currently deployed?
  • What tools are available to help an ISP deploy DNSSEC validation?
  • What are the practical server-sizing impacts of enabling DNSSEC validation on ISP DNS Resolvers (ex. cost, memory, CPU, bandwidth, technical support, etc.)?

4. The operational realities of running DNSSEC

Now that DNSSEC has become an operational norm for many registries, registrars, and ISPs, what have we learned about how we manage DNSSEC? What is the best practice around key rollovers? How often do you review your disaster recovery procedures? Is there operational familiarity within your customer support teams? What operational statistics have we gathered about DNSSEC? Are there experiences being documented in the form of best practices, or something similar, for transfer of signed zones?

5.  DANE and DNSSEC application automation

For DNSSEC to reach massive deployment levels it is clear that a higher level of automation is required than is currently available. There also is strong interest for DANE usage within web transactions as well as for securing email and Voice-over-IP (VoIP). We are seeking presentations  on topics such as:

  • What tools, systems and services are available to help automate DNSSEC key management?
  • Can you provide an analysis of current tools/services and identify gaps?
  • Where are the best opportunities for automation within DNSSEC signing and validation processes?
  • What are the costs and benefits of different approaches to automation?
  • What are some of the new and innovative uses of DANE and other DNSSEC applications in new areas or industries?
  • What tools and services are now available that can support DANE usage?
  • How soon could DANE and other DNSSEC applications become a deployable reality?
  • How can the industry use DANE and other DNSSEC applications as a mechanism for creating a more secure Internet?

We would be particularly interested in any live demonstrations of DNSSEC / DANE application automation and services.  For example, a demonstration of the actual process of setting up a site with a certificate stored in a TLSA record that correctly validates would be welcome.  Demonstrations of new tools that make the setup of DNSSEC or DANE more automated would also be welcome.

6.  When unexpected DNSSEC events occur

What have we learned from some of the operational outages that we have seen over the past 18 months? Are there lessons that we can pass on to those just about to implement DNSSEC? How do you manage dissemination of information about the outage? What have you learned about communications planning? Do you have a route to ISPs and registrars? How do you liaise with your CERT community?

7.  DNSSEC and DANE in the enterprise

Enterprises can play a critical role in both providing DNSSEC validation to their internal networks and also through signing of the domains owned by the enterprise. We are seeking presentations from enterprises that have implemented DNSSEC on validation and/or signing processes and can address questions such as:

  • What are the benefits to enterprises of rolling out DNSSEC validation? And how do they do so?
  • What are the challenges to deployment for these organizations and how could DANE and other DNSSEC applications address those challenges?
  • How should an enterprise best prepare its IT staff and network to implement DNSSEC?
  • What tools and systems are available to assist enterprises in the deployment of DNSSEC?
  • How can the DANE protocol be used within an enterprise to bring a higher level of security to transactions using SSL/TLS certificates?

8. Hardware Security Modules (HSMs) use cases and innovation

We are interested in demonstrations of HSMs, presentations of HSM-related innovations and real world use cases of HSMs and key management.

In addition, we welcome suggestions for additional topics.

If you are interested in participating, please send a brief (1-2 sentence) description of your proposed presentation to dnssec-dublin@isoc.org by **Monday, 17 August 2015**

We hope that you can join us.

On behalf of the DNSSEC Workshop Program Committee:
Mark Elkins, DNS/ZACR
Cath Goulding, Nominet UK
Julie Hedlund, ICANN
Jean Robert Hountomey, AfricaCERT
Jacques Latour, .CA
Xiaodong Lee, CNNIC
Luciano Minuchin, NIC.AR
Russ Mundy, Parsons
Ondřej Surý, CZ.NIC
Yoshiro Yoneya, JPRS
Dan York, Internet Society

IETF 93 Hackathon July 18-19: DNSSEC, DANE, DPRIVE and DNS Security

IETF HackathonHow can we improve the tools and services that use DNSSEC or DANE?  How can we make DNS more secure and private? (And, why spend a beautiful weekend exploring Prague when we could be inside a hotel conference room working on code???) For a number of us, we’re going to be spending this coming weekend, July 18-19, looking to answer those questions through writing code and changing/updating software as part of the IETF 93 Hackathon.  More info is at:

https://www.ietf.org/hackathon/93-hackathon.html

As IETF Chair Jari Arkko wrote about on the IETF blog, these hackathons are a way to bring “running code” back into the IETF meetings – and also just a great way to advance the deployment and usage of IETF protocols.  They are also just a fantastic way to strengthen the relationships between members of the IETF community.

I’ll be there as one of the “champions” of DNSSEC / DANE / DPRIVE (DNS confidentiality/privacy) along with Allison Mankin, Benno Overeinder, Sara Dickinson and Daniel Kahn Gillmor.  A number of others from within the DNS community have also signed up to join in to the effort – and we’re hoping to attract some of the other participants as well.

On the wiki page listing the technologies, we wrote this for some of the ideas:

 

  • Contribute to access of end-systems to new developments in DNS
  • Protocols: DANE support for webmail, DNS-over-TLS (application uses), DNS-over-DTLS (stack and uses), TLSA client certs, client privacy election for EDNS client-subnet, getdns language bindings, etc.
  • Tools: portable tool for creating and adding DANE RR’s to zones, changes to existing tools to support new crypto algorithms, etc.
  • Measurement: New tools or sites for measuring DNSSEC or DANE deployment

 

We’ve had some other ideas, too… we’ll see what we come up with!  (And you’re welcome to send me your ideas for tools you’d like to see!)  I’m personally interested in expanding some of the metrics… and I’m also interested in anything that expands the usage or support of the ECDSA algorithm (I’m thinking more about … what interfaces could be extended to add ECDSA support?)

I’ll post a report back here on the site once the hackathon is over.  If you are going to be at the Hackathon at IETF 93, please do consider joining with us!

P.S. And if you want to get started with DNSSEC and DANE, please see our Start Here page!

Join InterCommunity 2015 on July 7/8 to talk about Internet security!

InterCommunity 2015 logoThis week you have a unique opportunity to offer your opinion on how we can make the Internet more secure!  On July 7 and 8 our global Internet Society membership meeting, InterCommunity 2015, will bring together thousands of people all around the world to address critical questions around the future of the Internet – how it is governed, how it is secured and how we bring the rest of the world online.  YOU CAN JOIN IN DIRECTLY by going to this site to register:

https://www.internetsociety.org/intercommunity2015/

You can join in from your computer or mobile device in your home, at your office or wherever you can get connectivity.

This is a global meeting happening ON the Internet – and FOR the Internet!

In some cities across the world we will have “regional nodes” where people will be gathering together in a location to join into conversations with each other – and then to join into the global conversation.  You are welcome to gather in one of those locations… or to join in from wherever you are.  There are opportunities to connect in and have your voice heard from wherever you can connect.

As you can see on the InterCommunity agenda, the meeting will be running twice to bring in everyone around the world and will have different people and different segments.  The goal is to bring all our members together, to exchange views and to come together to use our collective strength to address these critical issues and bring about a stronger and more secure Internet.

Please READ THIS POST from Internet Society President and CEO Kathy Brown for more information!

I’ll actually be in Ottawa, Ontario, Canada, at the regional node there where I’ll be leading part of the global conversation about collaborative security and how we can all work together to make the Internet more secure.  If you are there in Ottawa, I look forward to meeting you face-to-face.  If you are online, I look forward to interacting with you.  The topics we cover here on Deploy360 are all about making the Internet more secure and accessible… all key themes here in InterCommunity 2015!

Please join with us!  It’s gonna be great!

P.S. What?  You aren’t a member of the Internet Society?  No worries… it’s free to join and become a member!

Wednesday, June 30, Is “DNSSEC Day” In Germany!

DNSSEC badgeWant to learn about DNSSEC and DANE auf Deutsch? On Wednesday, June 30, 2015, a group of organizations in Germany will be streaming live a session called “DNSSEC Day” from 14:00 to 18:00 CEST (UTC+2). Information can be found at:

heise.de/netze/dnssec-day

They say the exact link for the live stream will be published there before the start.  The agenda indicates the four-hour live stream will be broken into four parts:

• DNSSEC: Wofür man die Technik braucht, wie sie in Grundzügen funktioniert  (an overview)

• Die Anwendersicht: Wie setzen Clients DNSSEC ein, welche Provider und DNS-Server sind ratsam  (a user’s perspective)

• Handreichungen für Administratoren: Eigene Domäne absichern, Registrare finden, Fallstricke vermeiden  (information for administrators)

• DNSSEC-Spezialitäten: Wie DNSSEC im Zusammenspiel mit weiteren Techniken Man-in-the-Middle-Attacken drastisch erschwert und die Mail-Verschlüsselung vereinfacht: OPENPGPKEY, SMIME/A, SSH Fingerprinting, IPSec  (DNSSEC specialties – which would appear to be mostly related to the DANE protocol)

This “DNSSEC Day” is a cooperative effort between three organizations:

  • The German government’s information security agency (Bundesamt für Sicherheit in der Informationstechnik (BSI))
  • DENIC, the registry behind the .DE top-level domain
  • Heise online, a leading technology media site

This kind of initiative is great to see and not surprising in Germany due to the high level of interest in DNSSEC and DANE, particularly for use in email communication.  DANE is being used quite heavily by a number of email providers, and I’ve been pleased to see a number of German email providers actively advertising their support of DNSSEC and DANE on their websites.

More information can be found at:

We look forward to hearing about how well the event goes and to seeing growth in DNSSEC validation and signing within Germany.

Congrats to all the folks involved for making this happen!

P.S. If you would like to get started with DNSSEC and DANE, please visit our Start Here page to begin!

Live TODAY – DNSSEC Workshop Streaming From ICANN53 in Buenos Aires

ICANN 53 LogoWhat is the current state of DNSSEC deployment? What is going on with DNSSEC in Latin America?  What new tools and services are available?  What can we do to encourage deployment? What is new with the DANE protocol to secure TLS?

Today (24 June 2015) at 9:00 am Argentina time (UTC-3, which is 1 hour ahead of US Eastern time) you can listen to a day full of sessions devoted to these topics.  Audio and video streams are available at:

https://buenosaires53.icann.org/en/schedule/wed-dnssec

As I described in an earlier post  – and also in a blog post on CircleID – the sessions include:

0900-0915 – DNSSEC Workshop Introduction, Program, Deployment Around the World – Counts, Counts, Counts

  • Dan York, Internet Society
0915-1030 – Panel Discussion: DNSSEC Activities in the Latin American Region

  • Moderator/Presenter: Luciano Munichin, NIC.AR
  • Panelists:
    • Luis Diego Espinoza, Consultant, Costa Rica
    • Carlos Martinez, LACNIC
    • Gonzalo Romero, .CO
    • Frederico Neves, .BR
    • Hugo Salgado, NIC.CL
1030-1100 – Presentation: Update on DNSSEC KSK Root Key Rollover

  • Ed Lewis, ICANN
1100-1115 – Break
1115-1215 – Panel Discussion: DNSSEC Automation

  • Moderator: Russ Mundy, Parsons
  • Panelists:
    • Eberhard Lisse, .NA – Proof of Concept on Smart Card HSM to Automate Key Signing
    • Robert Martin-Legène, Packet Clearing House — PCH DNSSEC Signing Service
    • Joe Waldron, Verisign – Verisign DNSSEC Signing Service
1215-1230 – Great DNS/DNSSEC Quiz

  • Paul Wouters, Fedora
1230-1330 – Lunch Break
1330-1445 – Demonstrations and Presentations: DANE and Applications

  • Moderator: Dan York, Internet Society
  • Panelists:
    • Jaap Akkerhuis, NLNetLabs – Demonstration on Opportunistic Encryption
    • Wes Hardaker — Presentation on Opportunistic SMTP Encryption
    • Danny McPherson, Verisign Labs — Demonstration of Running Code for DANE S/MIME and Practical Tools
    • Paul Wouters, Fedora – Opportunistic IPsec
1445-1500 – Presentation: Deploying New DNSSEC Algorithms

  • Dan York, Internet Society
1500-1515 – Presentation: DNSSEC – How Can I Help?

  • Russ Mundy, Parsons and Dan York, Internet Society

We hope that you will join us live… and the session will also be recorded for those who can’t join live.

And if you want to get started with DNSSEC, please visit our Start Here page to begin!

Watch Live TODAY – DNSSEC For Everybody: A Beginner’s Guide at ICANN53

ICANN 53 LogoIn about 35 minutes, at 17:00 Argentina time (UTC-3), we will be streaming live out of ICANN 53 in Buenos Aires, Argentina, with the “DNSSEC For Everybody: A Beginner’s Guide” session.  You can watch and listen live at this link:

https://buenosaires53.icann.org/en/schedule/mon-dnssec-everybody

The session goes for 90 minutes today, roughly half of which is the actual program and the remainder is what usually turns into a live Q&A session.  We’ll have some introductory remarks that I’ll do, then we’ll have a skit that dramatizes DNS and DNSSEC interactions, then Russ Mundy will dive into a bit deeper detail about DNSSEC… and then we’ll go to Q&A.

Note that remote participants can ask questions through the Adobe Connect interface.

If you’d like a quick way to understand more about DNS and DNSSEC… join us!

It will be archived for later viewing, too, if you can’t watch it live.

P.S.  If you’d like to get started with DNSSEC, visit our Start Here page to begin!