Home / Blogs

Call for Participation – ICANN DNSSEC and Security Workshop at ICANN67, Cancun, Mexico

By Dan York Author and Speaker on Internet technologies - and on staff of Internet Society

The ICANN Security and Stability Advisory Committee (SSAC) and the Internet Society Deploy360 Programme are planning a DNSSEC and Security Workshop during the ICANN67 meeting held from 07-12 March 2020 in Cancun, Mexico.

The original DNSSEC Workshop has been a part of ICANN meetings for many years and has provided a forum for both experienced and new people to meet, present, and discuss current and future DNSSEC deployments. The program committee added a new focus on security to the workshop to address various emerging security related issues such as DoT/DoH impacts and potential abuses, impacts of RPKI deployments, BGP hijacking, and other Internet-related routing issues.

For reference, the most recent session was held at the ICANN Annual General Meeting in Montreal, Quebec on 06 November 2019. The presentations and transcripts are available at: https://66.schedule.icann.org/meetings/1116787 and https://66.schedule.icann.org/meetings/1116788

The DNSSEC and Security Workshop Program Committee is developing a 3-hour program. Proposals are sought for the following topic areas:

1. Global DNSSEC Activities Panel

For this panel, we are seeking participation from those who have been involved in DNSSEC deployment as well as from those who have not deployed DNSSEC but who have a keen interest in the challenges and benefits of deployment, including Root Key Signing Key (KSK) Rollover activities and plans.

2. DNSSEC Best Practice

Now that DNSSEC has become an operational norm for many registries, registrars, and ISPs, what have we learned about how we manage DNSSEC? Do you still submit/accept DS records with Digest Type 1? What is the best practice around key roll-overs? What about Algorithm roll-overs? Do you use and support DNSKEY Algorithms 13-16? How often do you review your disaster recovery procedures? Is there operational familiarity within your customer support teams? What operational statistics have we gathered about DNSSEC? Are there experiences being documented in the form of best practices, or something similar, for transfer of signed zones? Activities and issues related to DNSSEC in the DNS Root Zone are also desired.

3. DNSSEC Deployment Challenges

The program committee is seeking input from those that are interested in implementation of DNSSEC but have general or particular concerns with DNSSEC. In particular, we are seeking input from individuals that would be willing to participate in a panel that would discuss questions of the following nature:

  • Are there any policies directly or indirectly impeding your DNSSEC deployment? (RRR model, CDS/CDNSKEY automation)
  • What are your most significant concerns with DNSSEC, e.g., complexity, training, implementation, operation or something else?
  • What do you expect DNSSEC to do for you and what doesn’t it do?
  • What do you see as the most important trade-offs with respect to doing or not doing DNSSEC?

4. Security Panel

New to recent workshops, the program committee is looking for presentations on DNS and Routing topics that could impact the security and/or stability of the Internet.

  • DoH and DoT issues, challenges and opportunities including misuse of the technologies (such as distribution of malware via DoH)
  • RPKI adoption and implementation issues, challenges and opportunities
  • BGP/routing/hijack issues, challenges and opportunities
  • MANRS implementation challenges and opportunities
  • Do multiple security mechanisms dilute the need for each of the mechanisms (e.g. DNSSEC, DoH and DoT)
  • Emerging threats that could impact (real or perceived) the security and/or stability of the internet
  • Domain hacking/hijacking prevention, best practice and techniques
  • Browser related security implementations
  • DMARC Challenges, opportunities and Best Practices
  • BGP Flowspec challenges, opportunities and Best Practices

In addition, we welcome suggestions for additional topics, either for inclusion in the ICANN67 workshop, or for consideration for future workshops.

If you are interested in participating, please send a brief (1-2 sentence) description of your proposed presentation to [email protected] by 07 February 2020.

Thank you,
Andrew and Kathy
On behalf of the DNSSEC and Security Workshop Program Committee:
Mark Elkins, DNS/ZACR
Jacques Latour, .CA
Russ Mundy, Parsons
Ondrej Filip, CZ.NIC
Yoshiro Yoneya, JPRS
Fred Baker, ISC
Dan York, Internet Society

By Dan York, Author and Speaker on Internet technologies - and on staff of Internet Society

Dan is the Director, Online Content, for the Internet Society but opinions posted on CircleID are his own. View more of Dan’s writing and audio here.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Related

Topics

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Cybersecurity

Sponsored byVerisign

Domain Names

Sponsored byVerisign

View All Topics