Archive for May, 2010

Deployment webinar offered June 9

“Lessons from the Trenches: Deploying DNSSEC” is an Afilias webinar targeting country code top-level domain registries with an hour of “key questions to ask yourself when deciding upon DNSSEC deployment parameters and timeline”  and “infrastructure changes required for your registry and DNS systems to support DNSSEC.”

Scheduled for 11:00 am EDT on June 9, the webinar speakers include Initiative partner and Shinkuro CEO Steve Crocker, along with John Kane, vice president, corporate services and Ram Mohan, vice president and chief technology officer, Afilias; Rickard Bellgrim of the .SE registry; and Lauren Price of .ORG and the Public Interest Registry.   Registration is required.

No Comments

ICANN announces change to root deployment schedule

ICANN will delay by two weeks–to July 15–the scheduled July 1 deployment of DNSSEC at the root zone.  On that date, ICANN will distribute a “validatable, production, signed root zone” and publish a trust anchor. The announcement noted:

The schedule change is intended to allow ICANN and VeriSign an additional two weeks for further analysis of the DURZ rollout, to finalise testing and best ensure the secure, stable and resilient implementation of the root DNSSEC production processes and systems

No Comments

This summer: Steps Toward DNSSEC

Afilias Executive Vice President and CTO Ram Mohan offers this Circle ID post on “More Stepping Stones Before This Summer’s Seminal DNSSEC Events.”  From the post:

We will now get to see, before a validatable root zone is published, how the DNS infrastructure will behave as more queries for DNSSEC information result in larger responses. Answers to the important question about how the DNS scales with the addition of DNSSEC will hopefully start to filter in, as well as the opportunity to watch for abnormalities in the system. The final step in the root’s DNSSEC deployment will occur in July when a validatable root zone is published.

Mohan calls on ISPs, TLD registries and application providers to encourage their technical teams to participate in DNSSEC testing as the summer progresses.  Afilias works with .org and the Public Interest Registry on its DNSSEC deployment.

, ,

No Comments

All root servers are DNSSEC-ready

As reported today in The H Online, “all 13 root servers are now serving a signed version of the root zone.”  And, despite numerous rumors circulating on the web, the article notes:

There have been no reports of any problems in the immediate aftermath of VeriSign’s J root server starting to serve DNSSEC signatures. Experts at the 60th RIPE meeting in Prague were almost unanimous in predicting a glitch-free switchover, following the successful switchovers of the other 12 root servers in recent months. The only apocalyptic note was sounded by a countdown to the demise of the unsigned root zone.

The article discusses next steps, including disclosure of a public key and a June key signing ceremony that will bring together volunteer crypto officers and recovery key share holders from around the world.

No Comments