Home / Blogs

DNSSEC Successes, Statistics and Innovation Streaming Live from ICANN 53 on 24 June 2015

Dan York

Where has DNSSEC been successful? What are some current statistics about DNSSEC deployment? What are examples of innovations that are happening with DNSSEC and DANE?

All of these questions will be discussed at the DNSSEC Workshop at ICANN 53 in Buenos Aires happening on Wednesday, June 24, 2015, from 09:00 – 15:15 Argentina time (UTC-3). You can watch and listen to the session live at:

https://buenosaires53.icann.org/en/schedule/wed-dnssec

All the slides that will be presented are currently available for download. The session will be recorded and the recording will be available from that same URL sometime after the meeting.

Here's a quick look at the agenda for the day's session:

1. Introduction and DNSSEC statistics – I will begin the day introducing the session and providing some of the latest statistics and information about DNSSEC deployment, both in terms of validation and signing.

2. DNSSEC Activities in the Latin American Region – We'll have a series of speakers providing updates on DNSSEC deployment in the LAC region. Speakers include:

  • Luciano Minuchin, NIC.AR – NIC Argentina (also panel moderator)
  • Luis Diego Espinoza, Consultant, Costa Rica – DNSSEC Activities in LAC
  • Carlos Martinez, LACNIC – DNSSEC in the Reverse Tree at LACNIC
  • Gonzalo Romero, .CO – DNSSEC in the .CO: ccTLD Experiences and Challenges
  • Rubens Kuhl, .BR – .BR DNSSEC Update ICANN 53
  • Hugo Salgado, NIC.CL – DNSSEC in .CL: ICANN 53 Update

3. Update on DNSSEC KSK Root Key Rollover – Ed Lewis of ICANN will give an update on the work around planning the rollover of the root key of DNSSEC.

4. DNSSEC Automation – After a short break we'll have a panel moderated by Russ Mundy about how to better improve the automation of DNSSEC activities. Panelists include:

  • Eberhard Lisse, .NA – DNSSEC with SmartcardHSM
  • Robert Martin-Legène, Packet Clearing House – Packet Clearing House (PCH) DNSSEC Signing Service
  • Joe Waldron, Verisign – Verisign DNSSEC Signing Service

After this session we'll break for lunch as well as the "Great DNS Quiz". The lunch is sponsored by:

  • Afilias
  • CIRA
  • Dyn
  • .SE
  • SIDN

5. Demonstrations and Presentations: DANE and Applications – After lunch, I'll be moderating a panel where we'll be demonstrating some of the innovative things people are doing with DNSSEC and the DANE protocol. Panelists include:

  • Jaap Akkerhuis, NLNetLabs – One Year of DANE (Some) Lessons Learned
  • Wes Hardaker – Opportunistic SMTP Security
  • Jacques Latour – DNS Operator Role in Domain Management
  • Glen Wiley, Eric Osterweil and Danny McPherson – DNSSEC/DANE: Tools to Encourage Adoption

6. Deploying New DNSSEC Algorithms – I'll then provide the last major presentation discussing the different aspects of deploying new cryptographic algorithms for use in DNSSEC. A specific case for this is the ECDSA algorithm, but the topics I'll cover will be applicable for all new algorithms.

7. DNSSEC - How Can I Help? – Finally, we'll wrap up with Russ Mundy and myself talking about the steps people can take when they leave the workshop to help in accelerating the deployment of DNSSEC.

If you are interested in DNSSEC and DANE, these workshops are excellent ways to keep up-to-date with the latest changes and developments in the world of DNSSEC. I'd encourage any of you to join in and listen. (Questions can also be submitted by remote participants.)

P.S. If you would like to get started with DNSSEC or DANE, please visit the Internet Society Deploy360 "Start Here" page to find resources to begin!

By Dan York, Author and Speaker on Internet technologies - and on staff of Internet Society. Dan is employed as a Senior Content Strategist with the Internet Society but opinions posted on CircleID are entirely his own. Visit the blog maintained by Dan York here.

Related topics: Cybersecurity, DNS, DNS Security

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Verisign

Cybersecurity

Sponsored by Verisign
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services
Afilias

DNS Security

Sponsored by Afilias

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll