How can we improve the tools and services that use DNSSEC or DANE? How can we make DNS more secure and private? (And, why spend a beautiful weekend exploring Prague when we could be inside a hotel conference room working on code???) For a number of us, we’re going to be spending this coming weekend, July 18-19, looking to answer those questions through writing code and changing/updating software as part of the IETF 93 Hackathon. More info is at:
https://www.ietf.org/hackathon/93-hackathon.html
As IETF Chair Jari Arkko wrote about on the IETF blog, these hackathons are a way to bring “running code” back into the IETF meetings – and also just a great way to advance the deployment and usage of IETF protocols. They are also just a fantastic way to strengthen the relationships between members of the IETF community.
I’ll be there as one of the “champions” of DNSSEC / DANE / DPRIVE (DNS confidentiality/privacy) along with Allison Mankin, Benno Overeinder, Sara Dickinson and Daniel Kahn Gillmor. A number of others from within the DNS community have also signed up to join in to the effort – and we’re hoping to attract some of the other participants as well.
On the wiki page listing the technologies, we wrote this for some of the ideas:
-
Contribute to access of end-systems to new developments in DNS
-
Protocols: DANE support for webmail, DNS-over-TLS (application uses), DNS-over-DTLS (stack and uses), TLSA client certs, client privacy election for EDNS client-subnet, getdns language bindings, etc.
-
Tools: portable tool for creating and adding DANE RR’s to zones, changes to existing tools to support new crypto algorithms, etc.
-
Measurement: New tools or sites for measuring DNSSEC or DANE deployment
We’ve had some other ideas, too… we’ll see what we come up with! (And you’re welcome to send me your ideas for tools you’d like to see!) I’m personally interested in expanding some of the metrics… and I’m also interested in anything that expands the usage or support of the ECDSA algorithm (I’m thinking more about … what interfaces could be extended to add ECDSA support?)
I’ll post a report back here on the site once the hackathon is over. If you are going to be at the Hackathon at IETF 93, please do consider joining with us!
P.S. And if you want to get started with DNSSEC and DANE, please see our Start Here page!