Category: Information

Slovenian Government IPv6 Study Now Available In English

Back in 2010, the Go6 Institute brought together a group of experts to write a comprehensive report for the Slovenian Ministry of Higher Education, Science and Technology about IPv6 and how the government and industry should respond.

This year they were able to update the study with newer information and translate the report from Slovenian into English. They have now made this detailed document available for public viewing and download at:

http://go6.si/en/2012/04/slovenian-ipv6-study-english-version/

While obviously some of the information is focused on IPv6 deployment in Slovenia, the document speaks very broadly to issues that governments and businesses need to consider – and in particularly why they need to move ahead with their use of IPv6 now.

Congratulations – and thanks – to Jan Žorž and the others involved with the effort of making this document available in English where it can be more widely read.

US Government Releases Updated IPv6 Roadmap

Last week the US Federal CIO Council released an updated version of their IPv6 planning guide/roadmap. Available as a PDF download from cio.gov, the 73-page document provides a wealth of IPv6 information to both US government agencies and also to operators, enterprises and others seeking to understand exactly what the US government is doing with IPv6.

This July 2012 document updates and replaces the 2009 version of the roadmap.  It does not specifically list what has been updated, but provides this note:

This document is the latest version of the Roadmap, and is the key guidance document for supporting Federal agencies in their achievement of the 2012 and 2014 objectives, as well as the strategic vision for beyond 2014. This document has the same foundational elements instituted in the original Roadmap, and has been updated to reflect the three years of experience (from both the public and private sectors) since original publication. The sections of the document comprise all aspects of a successful transition and now include practical experience from those directly engaged in IPv6 activities, combining programmatic (including Clinger-Cohen Act compliance), technical, cybersecurity, and Federal acquisition elements, as well as the suggested interactions with other Federally mandated technical efforts such as the Trusted Internet Connection (TIC).

True to that statement, updated references can be found throughout the document.  I found it particularly interesting to see section 1.4, “Our Business Situation,” at the beginning of the document that provided a list from a competitive point of view of what other countries around the world are doing with regard to IPv6.

The sample transition timelines starting at the bottom of page 12 may be of interest to many readers, as they lay out examples of how agencies can meet upcoming September 2012 and September 2014 deadlines. Section 4 on page 22 also outlines where US federal agencies should be in 2012 and 2014.

Readers may also find Section 6 on page 32 very useful with the ideas for transition steps. Obviously, some steps are specific to US government agencies, but the ideas behind those steps could be equally useful in other context.

All in all a very useful document for US government agencies and for others seeking to understand what a large entity needs to do to make the transition.

DNSSEC Policy & Practice Statements (DPS)

Are you responsible for signing your domain with DNSSEC are are looking to understand more of what may be involved?  Are you perhaps with registry or top-level domain (TLD) operator looking to implement DNSSEC across your country-code TLD (ccTLD) or new generic TLD (gTLD)? Or are you with an enterprise seeking to understand the legal and security policies you should have in place if you are signing your own domains?

If so, a great place to start is with the idea of a “DNSSEC Practice Statement” or “DPS.”  A DPS is a document that simply lays out the policies and procedures related to DNSSEC that an organization chooses to implement.  It may be very short and simple – or very long and complex.  The idea is that a DPS can give other people an understanding of how much they can trust your DNSSEC signing.  For someone new to DNSSEC, looking at existing DPS documents can also provide a clear checklist of what you should be thinking about during your implementation.

The best way to get started may be to look at an Internet-Draft titled “A Framework for DNSSEC Policies and DNSSEC Practice Statements

http://tools.ietf.org/html/draft-ietf-dnsop-dnssec-dps-framework

This document explains the rationale for a DPS and provides a framework for creating your own.

Alternatively, you may just want to dive into the list of DPS documents below to get an understanding of what these documents are like.  The .SE DPS may be a good place to start, primarily because the .SE team are very involved with the Internet-Draft framework document referenced above.

If you prefer to learn from a video, we have included at the end of this page a 15-minute video from training given by the OpenDNSSEC project in April 2010 where Anne-Marie Eklund-Löwinder from .SE explains the value of a DPS and the components that should be included.

A few notes about the lists below:

  • The lists contain the gTLDs, ccTLDS and RIRs for whom we can find formal DPS documents. Some of the gTLDs, ccTLDs and RIRs who do use DNSSEC are not listed because their domains/zones were signed very early in the DNSSEC rollout before the DPS framework started to become widely used. They may have other DNSSEC deployment information on their sites, but not in the form of a formal DPS.
  • The root of DNS also has multiple DPS documents but they are not explicitly listed below as the root zone is a special case with special precautions. You may find the documents to be an interesting read, though.
  • You will note in the list below that the DPS documents have several different names, but newer documents seem to be standardizing on “DNSSEC Practice Statement.”
  • These lists will continue to be updated as more DPS documents become available. Expect to see them continue to grow as more TLDs sign their domains.

If you are aware of a DPS document we should include, please let us know.


Generic Top-Level Domains (gTLDs):


Country-code Top-Level Domains (ccTLDs):


Regional Internet Registries (responsible for reverse DNS delegations, i.e. in-addr.arpa):


The video below, while from 2010, provides a good introduction to what a DPS is all about:

 

US DoD/DREN IPv6 Knowledge Base

DOD High Performance Computing Modernization ProgramThe United States Department of Defense (DOD) High Performance Computing Modernization Program maintains a comprehensive site devoted to sharing information about IPv6 based on the work of the Defense Research and Engineering Network (DREN). The main IPv6 knowledge base can be found at:

http://www.hpcmo.hpc.mil/cms2/index.php/ipv6-knowledge-base-general-info

There are many excellent resources to be found within the site including:

All in all the site is an outstanding resource for people looking for more IPv6 information.