Home / Blogs

A Great Bit of DNSSEC and DNS at IETF 90 Next Week

Dan York

For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security”, and summarized the activity in a Deploy360 post:

  • The DNSOP (DNS Operations) Working Group will be talking about DNSSEC key and signing policies and requirements for DNSSEC validation in DNS resolvers. The group will also talk about the "DNSSEC roadblock avoidance" draft before getting into what should be a lively discussion about how we better optimize the distribution of data in the root zone of DNS.
  • The DANE Working Group will discuss a number of ways the DANE protocol can be used with applications such as OpenPGP, SMIME, SMTP and more. There will also be a discussion of turning the "DANE Operational Guidance" draft into an actual update/replacement for RFC 6698 that defines DANE. It should be very interesting session!
  • The SIPCORE Working Group will discuss a draft about using DANE and DNSSEC for SIP-based Voice-over-IP (VoIP).
  • The TRANS Working Group will explore whether or not there is a role for Certificate Transparency (CT) to play with DNSSEC and/or DANE.
  • The HOMENET Working Group will discuss two different drafts relating to DNSSEC and customer-premise equipment (CPE) such as home wifi routers.

The Rough Guide to IETF 90 post goes into much greater detail and includes links to the relevant working groups, Internet drafts and more. I'd note that CircleID contributor Paul Vixie will be one of the people involved with the discussion in DNSOP around how to optimize the distribution of the root zone of DNS.
If you can't attend the IETF 90 meeting in person, there are many ways to participate remotely and hear what is happening. If you are attending, please do feel free to say hello… you can expect to find me in pretty much every session relating to DNSSEC. :-)

P.S. For a view into highlights about some topics other than DNS/DNSSEC, please see the Internet Society's Rough Guide To IETF 90.

By Dan York, Author and Speaker on Internet technologies - and on staff of Internet Society – Dan is employed as a Senior Content Strategist with the Internet Society but opinions posted on CircleID are entirely his own. Visit the blog maintained by Dan York hereVisit Page
Follow CircleID on
Related topics: Cybersecurity, DNS, DNS Security

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.




Sponsored byWhoisXML API

IP Addressing

Sponsored byAvenue4 LLC


Sponsored byThreat Intelligence Platform

Brand Protection

Sponsored byAppDetex

DNS Security

Sponsored byAfilias


Sponsored byVerisign

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byAfilias