Archive for June, 2010
BBC News: DNSSEC a “technology milestone”
Posted by Denise Graveline in Uncategorized on June 15, 2010
In “Technology milestone heralds a more secure Internet,” BBC News reports on the advent of the signed root zone. The article quotes Recursion Ventures chief scientist Dan Kaminsky:
“The basic flaw of the internet is one of trust and this will revolutionise the way we use the internet. In my mind the biggest benefit we will get…is secure email where it will be truly possible to know that when you get an email from your bank, it really is your bank.”
Upcoming workshops to focus on DNSSEC
Posted by Denise Graveline in Uncategorized on June 15, 2010
- Black Hat 2010 is offering two 2-day training sessions on “Understanding and Deploying DNSSEC” on July 24-25 and July 26-27. Led by Paul Wouters and Patrick Naubert, the sessions will include theoretical and lab work. Registration fees vary by date registered.
- The Global Cybersecurity Center in Rome will hold a DNSSEC Workshop June 30-July 1, with a focus on adoption of DNSSEC globally and in key sectors in Italy and neighboring countries. The workshop is free, but requires registration.
Root zone KSK practice statement issued
Posted by Denise Graveline in Uncategorized on June 15, 2010
A DNSSEC Practice Statement for the root zone key signing key manager (KSK) detailing “practices and provisions that ICANN, on behalf of the U.S. Department of Commerce (DoC), employ in providing Root Zone Key Signing and Key Distribution services,” another step toward signing the root zone this summer.
First key ceremony set for tomorrow
Posted by Denise Graveline in Uncategorized on June 15, 2010
ICANN detailed the first production DNSSEC key ceremony in a high security data center in Culpeper, VA, outside of Washington, DC, pictured here. The ceremony takes place tomorrow, June 16, and is designed to demonstrate the transparency and trust needed to secure the domain name system. The ICANN article describes the process that will be followed tomorrow:
During the key ceremony the first cryptographic digital key used to secure the Internet root zone will be generated and securely stored.
Each key ceremony consists of a series of detailed procedures designed to allow the private key material for the root zone to be managed in a transparent yet secure manner. The goal is for the whole Internet community to be able to trust that the procedures involved were executed correctly, and that the private key materials are stored securely.
Security of the private key is important because it ensures that any signature made by that key is known to originate from a legitimate key ceremony, and not by an untrusted third party.
Can .gov trust .com? asks GCN
Posted by Denise Graveline in Uncategorized on June 15, 2010
Government Computer News reported earlier this month on the islands of trust in the chain of DNS security as deployment moves forward, including interviews with Initiative partners Scott Rose of the National Institute of Standards and Technology, and Shinkuro CEO Steve Crocker. Crocker noted, “We are in the early days of deployment…We have some early adoption, and things are well on their way but still far away from the end point.” The article examines the progress of DNSSEC deployment in the U.S. federal government as well as the commercial, nonprofit and education sectors.
APNIC starts third phase of DNSSEC deployment
Posted by Denise Graveline in Uncategorized on June 11, 2010
APNIC, which provides Internet addressing services to the Asia Pacific region, is now in phase three of its DNSSEC deployment, in which it will introduce its members’ DNSSEC data. In previous phases, the group conducted a DNSSEC platform test and signed its zones. In the new phase, the announcment notes, members can “enable DNSSEC protection to their reverse zones by registering Delegation Signer (DS) resource records to their parent zone data that is stored in APNIC’s name servers. The phase 3 addition to MyAPNIC’s reverse delegation screen is an optional field that allows Members to enter the DS record when they are ready to implement DNSSEC.”
NTIA issues report, signals intent to complete root zone signing
Posted by Denise Graveline in Uncategorized on June 8, 2010
The National Telecommunications and Information Administration of the U.S. Department of Commerce has published notice in the Federal Register (PDF) today announcing that its testing and evaluation report on DNSSEC is available, and indicating the agency intends to proceed “with the final stages of DNSSEC deployment in the authoritative root zone.” The public is invited to review and comment on the report and the final steps in signing the root zone. Comments will be posted on the agency’s website.
DNSSEC deployed in .US; .BIZ shortly to follow, Neustar says
Posted by Denise Graveline in Uncategorized on June 7, 2010
Neustar announced today that DNSSEC has been deployed in the .US zone, and says that it is ready to accept Delegation Signer records. The .BIZ zone will be signed next, with DS record accepted as early as July 15, 2010. As a result, it will be “the second gTLD to be fully DNSSEC-enabled.”
Update – The .BIZ domain was signed on August 7, 2010.
First root zone KSK ceremony set
Posted by Denise Graveline in Uncategorized on June 4, 2010
CircleID reports on details of the first ICANN key signing key ceremony — at which ” first root zone KSK will be initialised and the first production KSR will be processed” — to be held June 16 in Culpeper, Virginia. The post notes:
…since this event has generated significant interest, we have made additional space available in an adjacent room for observers who wish to attend the event. Observers will be able to watch the proceedings within the ceremony room in real-time using a closed-circuit audio-visual feed from the ceremony room, and staff will be available to answer questions those attending might have about what they are seeing.
TERENA Networking Conference features June 3 DNSSEC session
Posted by Denise Graveline in Uncategorized on June 1, 2010
A half-day workshop on DNSSEC is scheduled for Thursday, June 3, at the TERENA Networking Conference, TNC 2010, in Lithuania. Starting at 1:30 local time/MET, the workshop panelists will examine an introduction to DNSSEC, open source and commercial solutions, and hands-on experiences. Go here for a live video and audio stream, and a recording will be available after the event. A Google Wave also will be available for remote participation.
Recent Comments