The DNSSEC Deployment Initiative, in cooperation with the ICANN Security
and Stability Advisory Committee (SSAC), is planning a DNSSEC Workshop at
the ICANN meeting in Durban, South Africa on 17 July 2013. The DNSSEC
Workshop has been a part of ICANN meetings for several years and has
provided a forum for both experienced and new people to meet, present and
discuss current and future DNSSEC deployments. For reference, the most
recent session was held at the ICANN meeting in Beijing, China on 10 April
2013. The presentations and transcripts are available
We are seeking presentations on the following topics:
1. DNSSEC Activities in Africa
For this panel we are seeking participation from those who have been
involved in DNSSEC deployment in Africa as well as those who have a keen
interest in the challenges and benefits of deployment. Key questions are
to consider include: What would help to promote DNSSEC deployment? What
are the challenges you have faced when you deployed DNSSEC?
2. The Operational Realities of Running DNSSEC
Now that DNSSEC has become an operational norm for many registries,
registrars, and ISPs, what have we learned about how we manage DNSSEC?
What’s best practice around key rollovers? How often do you review your
disaster recovery procedures? Is there operational familiarity within your
customer support teams? Has DNSSEC made DNS more ‘brittle’ or is it just a
run-of-the-mill operational practice? What operational statistics have we
gathered about DNSSEC? Is it changing DNS patterns? How are our
nameservers handling DNSSEC traffic? Is the volume as expected? Have we
seen anything unusual? Are there experiences being documented in the form
of best practices, or something similar, for transfer of signed zones?
3. DNSSEC and Enterprise Activities
DNSSEC has always been seen as a huge benefit to organizations looking to
protect their identity and security on the Web. Large enterprises are an
obvious target for DNS hackers and DNSSEC provides an ideal solution to
this challenge. This session aims to look at the benefits and challenges
of deploying DNSSEC for major enterprises. Topics for discussion:
* What is the current status of DNSSEC deployment among enterprises?
* What plans do the major enterprises have for their DNSSEC roadmaps?
* What are the challenges to deployment for these organizations? Do they
foresee raising awareness of DNSSEC with their customers?
4. When Unexpected DNSSEC Events Occur
What have we learned from some of the operational outages that we have
seen over the past 18 months? Are there lessons that we can pass on to
those just about to implement DNSSEC? How do you manage dissemination of
information about the outage? What have you learned about communications
planning? Do you have a route to ISPs and registrars? How do you liaise
with your CERT community?
5. Preparing for Root Key Rollover
For this topic we are seeking input on issues relating to root key
rollover. In particular, we are seeking comments from vendors, ISPs, and
the community that will be affected by distribution of new root keys.
6. DNSSEC: Regulative, Legislative and Persuasive Approaches to
There are many models in discussion for encouraging the take-up of DNSSEC
amongst TLDs. In some jurisdictions we have seen governmental edicts
insisting that DNSSEC is deployed across a Top Level Domain. In others, we
have seen reports produced for governments highlighting the lack of take
up and the need for tighter control amongst operators. Recently, we have
witnessed the consideration of mandated DNSSEC signing of zones by some
TLDs in order to gain access to newer premium domains. Have any of these
approaches worked in encouraging take up of DNSSEC? What role does a
national government have in assisting deployment of DNSSEC? How are some
of these measures perceived by registrars, DNS operators, ISPs and
7. DANE and Other DNSSEC Applications
Using DNSSEC as a means of authentication for http transactions is an
exciting development of DNSSEC. What is the progress of the DNS-Based
Authentication of Named Entities (DANE) initiative? (See
http://datatracker.ietf.org/wg/dane/.) How soon could DANE become a
deployable reality and what will be the impact of such a deployment, e.g.
impact on traditional certification authorities (CAs)?
8. Use of DNSSEC in the Reverse Space
This topic includes signed reverse zones, security products using reverse
DNS lookup for DNSSEC validation?
9. The Great DNS Panel Quiz
Ever fancied pitting your wits against your colleagues? Demonstrate your
knowledge and expertise in DNSSEC in our Great DNSSEC Panel Quiz.
In addition, we welcome suggestions for additional topics.
If you are interested in participating, please send a brief (1-2 sentence)
description of your proposed presentation to email@example.com by
**Monday, 10 June.**
We hope that you can join us.
On behalf of the DNSSEC Workshop Program Committee:
Steve Crocker, Shinkuro
Mark Elkins, DNS/ZACR
Cath Goulding, Nominet UK
Jean Robert Hountomey, AfricaCERT
Jacques Latour, .CA
Xiaodong Lee, CNNIC
Russ Mundy, Sparta/Parsons
Ondřej Surý, CZ.NIC
Lance Wolak, .ORG, The Public Interest Registry
Yoshiro Yoneya, JPRS
Dan York, Internet Society