Where has DNSSEC been successful? What are some current statistics about DNSSEC deployment? What are examples of innovations that are happening with DNSSEC and DANE?

All of these questions will be discussed at the DNSSEC Workshop at ICANN 53 in Buenos Aires happening on Wednesday, June 24, 2015, from 09:00 – 15:15 Argentina time (UTC-3). You can watch and listen to the session live at:

https://buenosaires53.icann.org/en/schedule/wed-dnssec

All the slides that will be presented are currently available for download. The session will be recorded and the recording will be available from that same URL sometime after the meeting.

Here’s a quick look at the agenda for the day’s session:

1. Introduction and DNSSEC statistics – I will begin the day introducing the session and providing some of the latest statistics and information about DNSSEC deployment, both in terms of validation and signing.

2. DNSSEC Activities in the Latin American Region – We’ll have a series of speakers providing updates on DNSSEC deployment in the LAC region. Speakers include:

• Luciano Minuchin, NIC.AR – NIC Argentina (also panel moderator)
• Luis Diego Espinoza, Consultant, Costa Rica – DNSSEC Activities in LAC
• Carlos Martinez, LACNIC – DNSSEC in the Reverse Tree at LACNIC
• Gonzalo Romero, .CO – DNSSEC in the .CO: ccTLD Experiences and Challenges
• Rubens Kuhl, .BR – .BR DNSSEC Update ICANN 53
• Hugo Salgado, NIC.CL – DNSSEC in .CL: ICANN 53 Update

3. Update on DNSSEC KSK Root Key Rollover – Ed Lewis of ICANN will give an update on the work around planning the rollover of the root key of DNSSEC.

4. DNSSEC Automation – After a short break we’ll have a panel moderated by Russ Mundy about how to better improve the automation of DNSSEC activities. Panelists include:

• Eberhard Lisse, .NA – DNSSEC with SmartcardHSM
• Robert Martin-Legène, Packet Clearing House – Packet Clearing House (PCH) DNSSEC Signing Service
• Joe Waldron, Verisign – Verisign DNSSEC Signing Service

After this session we’ll break for lunch as well as the “Great DNS Quiz”. The lunch is sponsored by:

• Afilias
• CIRA
• Dyn
• .SE
• SIDN

5. Demonstrations and Presentations: DANE and Applications – After lunch, I’ll be moderating a panel where we’ll be demonstrating some of the innovative things people are doing with DNSSEC and the DANE protocol. Panelists include:

• Jaap Akkerhuis, NLNetLabs – One Year of DANE (Some) Lessons Learned
• Wes Hardaker – Opportunistic SMTP Security
• Jacques Latour – DNS Operator Role in Domain Management
• Glen Wiley, Eric Osterweil and Danny McPherson – DNSSEC/DANE: Tools to Encourage Adoption

6. Deploying New DNSSEC Algorithms – I’ll then provide the last major presentation discussing the different aspects of deploying new cryptographic algorithms for use in DNSSEC. A specific case for this is the ECDSA algorithm, but the topics I’ll cover will be applicable for all new algorithms.

7. DNSSEC - How Can I Help? – Finally, we’ll wrap up with Russ Mundy and myself talking about the steps people can take when they leave the workshop to help in accelerating the deployment of DNSSEC.

If you are interested in DNSSEC and DANE, these workshops are excellent ways to keep up-to-date with the latest changes and developments in the world of DNSSEC. I’d encourage any of you to join in and listen. (Questions can also be submitted by remote participants.)

P.S. If you would like to get started with DNSSEC or DANE, please visit the Internet Society Deploy360 “Start Here” page to find resources to begin!