Archive for January, 2010

AFNIC urges readiness for a signed root

AFNIC, the registry of the database of .fr (France) and .re (Reunion Island) Internet domain names, has issued this announcement to network administrators, inviting them to prepare for the advent of DNSSEC deployment at the root and offering preparation steps, links to resources and more.


Deployment watch: Nominet to sign .UK March 1

Nominet, the Internet registry for .UK domain names, has announced it will implement DNSSEC in zones it manages, beginning March 1, 2010 with the .UK top-level domain. The announcement notes:

With the signing of the root so close (scheduled for mid-2010), we have taken the decision not to include the keys in the major DNSSEC key stores…Instead, we will use the period as an extended operational test, waiting until the root goes live before publishing our trust anchor in the root zone.

The next phase will include signing .co.uk and other SLDs, Nominet said.


DNSSEC signed answers from L root server

The first root server (L) has started to serve a signed version of the root zone. This is the first step in the live testing that will lead to a production signed root by the middle of the year. For information on the status of the root signing process visit: http://www.root-dnssec.org/

The root is intentionally publishing bogus signing keys, so the answers are not verifiable. Once the testing completes, the actual keys will be published.

Current DNSKEY set advertised:

. 86400 IN DNSKEY 256 3 8 AwEAAa1Lh++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOULD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MORE/INFORMATION+++
+++++++++++++++++++++++++++++++++++++++++++++++8
. 86400 IN DNSKEY 257 3 8 AwEAAawBe++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOULD/NOT/BE/USED/CONTACT/ROOTSIGN/AT/ICANN/DOT/ORG/FOR/MORE/INFORMATION+++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++8=
. 86400 IN RRSIG DNSKEY 8 0 86400 20100204235959 20100121000000 19324 . NO9bHgWYB3wQlVZXQKwDGUjTgIyfz1i8aWH8nBlT5isnYbr6PTfR4fWlSx8+avFfR0fVekauaQelKOyiUav4H9Y1AZ2OBguu7RjozQu1qErKboWd1NglIIOGar0Ol4Ur9+
4bo2LSxjp/X4ESypW0lX04z5uB6DZZei1zafzRGUnLIMdV9xdKEOJrm9UCKvYK5g8bjRq8KA8vT+
pidexZMrBQ3ie8R9daf/s6VK7zUJK0jF1vqhPbZFSQmBpJUlxh4VnOv7nnhcq4Moj49wqmNxKRqfvSwHAJBG6dEgShnlu/rfVsdxfFUCjIGX8YnSC7lYqODwgUGh+i/arA AK+bzg==
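
As an added example (not code from the original post or from the root operators), the Python below parses records in the format shown above, reads the DNSKEY flags and the RRSIG timing fields, and refuses to treat a placeholder key as a trust anchor. The sample input is constructed: the key data is shortened from the post and the signature field is a dummy value; the function names are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample modelled on the records in the post: key data is
# shortened and the RRSIG signature field is a dummy value.
SAMPLE = """\
. 86400 IN DNSKEY 256 3 8 AwEAAa1Lh+++THIS/IS/AN/INVALID/KEY/AND/SHOULD/NOT/BE/USED+++8
. 86400 IN DNSKEY 257 3 8 AwEAAawBe+++THIS/IS/AN/INVALID/KEY/AND/SHOULD/NOT/BE/USED+++8=
. 86400 IN RRSIG DNSKEY 8 0 86400 20100204235959 20100121000000 19324 . ZHVtbXk=
"""
ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512"}
MARKER = "THIS/IS/AN/INVALID/KEY"  # text embedded in the test-phase keys

def _ts(stamp):
    """RRSIG times are YYYYMMDDHHmmSS in UTC."""
    return datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_records(text):
    """Parse DNSKEY and RRSIG lines (presentation format) into dicts."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[2] != "IN":
            continue
        if f[3] == "DNSKEY":
            flags, alg, key = int(f[4]), int(f[6]), "".join(f[7:])
            records.append({
                "type": "DNSKEY", "owner": f[0],
                "zone_key": bool(flags & 0x0100),            # 256: Zone Key bit
                "role": "KSK" if flags & 0x0001 else "ZSK",  # 257 adds SEP bit
                "algorithm": ALGORITHMS.get(alg, str(alg)),
                "placeholder": MARKER in key,
            })
        elif f[3] == "RRSIG" and len(f) >= 13:
            records.append({
                "type": "RRSIG", "covers": f[4],
                "algorithm": ALGORITHMS.get(int(f[5]), f[5]),
                "expiration": _ts(f[8]), "inception": _ts(f[9]),
                "key_tag": int(f[10]), "signer": f[11],
            })
    return records

def usable_trust_anchors(records):
    """KSKs that could be configured as anchors: SEP set, not a placeholder."""
    return [r for r in records if r["type"] == "DNSKEY"
            and r["role"] == "KSK" and not r["placeholder"]]

def signature_in_window(rrsig, now):
    """True if 'now' lies inside the RRSIG inception/expiration window."""
    return rrsig["inception"] <= now <= rrsig["expiration"]
```

For the records in this post, `usable_trust_anchors` returns an empty list: both keys carry the invalid-key marker, so neither should be configured in a validator.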


Deployment watch: 15,000 Czech domains signed “in one go”

The Czech registry CZ.NIC announced yesterday that nearly 15,000 Czech domains (14,236) were signed yesterday, all at once.  WEB4U, one of the largest Czech registrars with 21,000 registered .CZ domains, decided to implement DNSSEC in all its registered domains, automatically and free of charge. 

The CZ.NIC Association launched DNSSEC in October 2008 and says it registered 1414 DNSSEC-protected domains by the end of 2009.   CEO Ondrej Filip said:  

We greatly appreciate WEB4U’s decision because it will significantly contribute to the security of not only the Czech Internet. By doing so, we also point the way to other countries which are currently launching the technology. DNSSEC is important in particular for those who seek the highest possible security of their information on the Internet. Among these are banks or e-shops on whose websites the visitors often enter sensitive personal data such as user names and passwords, credit card numbers etc.


DNSSEC session at FOSE adds speakers

We’re adding new speakers every day: Follow this link to see the updated program for the DNSSEC Deployment Coordination Initiative’s special session at the FOSE conference and exhibition. “What’s Next in DNSSEC: Securing the Domain Name System,” will take place on Wednesday, March 24, 2010, from 10:30 a.m. to 4:30 p.m. The conference attracts U.S. government information technology professionals in Washington, D.C. In addition to the session, the FOSE Expo will include a special DNSSEC Pavilion with booths from the Initiative as well as other DNSSEC-related exhibitors.

Registration for FOSE is free for U.S. government employees, government contractors and U.S. military, and registration for the Expo is $50.  Go here to register for FOSE.  To exhibit in the DNSSEC Pavilion at FOSE, contact Don Berey, Show Director at 703-876-5073 or email [email protected].


U.S. federal DNSSEC deployment lags behind deadline

Based on monitoring data from Secure64, Network World reported today that only 20 percent of U.S. federal agencies have deployed DNSSEC in time to meet a mandate from the White House Office of Management and Budget.  From the article, Initiative partner Steve Crocker, CEO of Shinkuro, Inc., said:

Missing the mark by one year is pretty good news in this business…There is a gradual tightening of security going on up and down the Internet protocol stack. DNSSEC isn’t the be-all-and-end-all, but it’s an important piece. The technical community has been working on DNSSEC for 20 years. The top part of .gov is signed, and now we’re seeing the other pieces coming along.

U.S. federal deployment will be the topic of the DNSSEC Deployment Coordination Initiative’s special one-day program at FOSE 2010 on March 24. Go here to see an updated program and links to register or exhibit.


Deployment watch: Malaysia targets 4th quarter

Malaysia’s .my registry is targeting the fourth quarter of 2010 for its deployment, following a testbed and a public trial. Norsuzana Harun, technology and innovation manager at .myDomainRegistry, writes this update in TechCentral:

In Malaysia, .myDomainRegistry is also preparing for DNSSEC deployment. Following the completion of a closed testbed, the organisation will be conducting the DNSSEC Public Trial, which aims to provide first-hand experience on the workings of DNSSEC, encourage adoption of the technology and improve current DNSSEC policies and end-user manuals.  .myDomainRegistry targets for DNSSEC deployment in Q4 this year. Key stakeholders play a very important part in creating a trusted network that will ensure the success of DNSSEC.


Educause factsheet highlights DNSSEC

Educause has just published a two-page factsheet on 7 things you should know about DNSSEC, aimed at college and university information technology officials. Noting that “DNSSEC can be an important part of a broad-based cybersecurity strategy,” the fact sheet explains that security has special implications for institutions of higher education:

Colleges and universities are expected to be “good Internet citizens” and to lead by example in efforts to improve the public good. Because users tend to trust certain domains, including the .edu domain, more than others, expectations for the reliability of college and university websites are high. To the extent that institutions of higher education depend on their reputations, DNSSEC is an avenue to avoid some of the kinds of incidents that can damage a university’s stature.


GCN: DNSSEC among top 10 technologies for 2010

Adding to our compilation of observers who’ve put DNSSEC on their lists of 2010 trends to watch, Government Computer News has put DNSSEC on its list of 10 Technologies to Watch in 2010. Noting that the DNS security extensions “add an important level of assurance,” the article noted:

Leading by example, the U.S. government has helped to spur adoption. Following disclosure last year of a serious vulnerability in the DNS protocols, the Office of Management and Budget mandated that the dot-gov top-level domain be signed in 2009 and that agencies sign their secondary domains by the end of that year.


Schmidt: DNSSEC among “important steps forward”

Computer Weekly asked some cybersecurity leaders to comment on whether a single organization was needed to assure the security of the Internet. Howard Schmidt, the former president and CEO of the Information Security Forum who has been named cybersecurity coordinator by U.S. President Barack Obama, noted:

“…we are seeing some important steps forward. Technologies such as the DNS Security Extensions DNSSEC, SSL and PGP encryption along with standards such as PCI DSS are making it safer for us all to use the Internet.”
