[AfrICANN-discuss] Fwd: DNSSEC This Month, December 1, 2009,
Volume 4, No. 12,
Deployment watch: Penn, dot-TM, VeriSign, Dyn and NamesBeyond,
Dot-ORG documents "the DNSSEC groundswell",and more!
Anne-Rachel Inné
annerachel at gmail.com
Tue Dec 1 20:16:23 SAST 2009
---------- Forwarded message ----------
From: news at dnssec-deployment.org <jeffrey at shinkuro.com>
Date: Tue, Dec 1, 2009 at 7:10 PM
Subject: DNSSEC This Month, December 1, 2009, Volume 4, No. 12, Deployment
watch: Penn, dot-TM, VeriSign, Dyn and NamesBeyond, Dot-ORG documents "the
DNSSEC groundswell",and more!
To: DNSSEC This Month <news at dnssec-deployment.org>
DNSSEC This Month
ISSN 1932-6564
December 1, 2009
Volume 4, Number 12
Welcome to the December 2009 edition of DNSSEC THIS MONTH, a monthly
newsletter about advances in securing the Internet's naming infrastructure
in the government, business and education sectors. The DNS Security
Extensions (DNSSEC) Deployment Coordination Initiative, which produces this
newsletter, is part of a global effort to deploy new security measures that
will help the DNS perform as people expect it to -- in a trustworthy manner.
This newsletter will offer updates on progress of early adopters and
advances in DNS security extension development. For more information on
progress toward DNSSEC deployment, read the initiative roadmap at
<http://www.dnssec-deployment.org/technology/roadmap.htm.>
The U.S. Department of Homeland Security Science and Technology Directorate
provides support for coordination of the Initiative.
To subscribe, please send a message to
<news-subscribe at dnssec-deployment.org>
To unsubscribe, please send a message to
<news-unsubscribe at dnssec-deployment.org>
For more information, go to
<http://www.dnssec-deployment.org/news/dnssecthismonth>
As of November 30, the SecSpider monitoring site showed 4817 DNSSEC enabled
zones using both KSKs and ZSKs.
Editor: Denise Graveline
Contact: <news-editor at dnssec-deployment.org>
Deployment watch: Penn, dot-TM, VeriSign, Dyn and NamesBeyond: Help this
newsletter stay up-to-date on your organization's deployment news by
submitting information about your DNSSEC deployment deadlines, test beds or
other progress to <tldwatch at shinkuro.com>. This month's updates include:
* University of Pennsylvania first U.S. university to deploy: The
University of Pennsylvania announced it is the first U.S. university to
implement DNSSEC across the entire institution. Shumon Huque, a Penn IT
technical director, also is working with EDUCAUSE to secure the dot-EDU
top-level domain "Higher education can take a leadership role in securing
the DNS," Huque said. "If a few universities in advanced networking adopt
DNSSEC and share experiences, we can make broad deployment more
straightforward for the larger community." Read the announcement at
<http://www.upenn.edu/almanac/volumes/v56/n11/dns.html>.
* Turkmenistan announces DNSSEC deployment: Turkmenistan's dot-TM domain
registry has launched DNSSEC. While not a trademark registry, it encourages
trademark owners to register dot-TM names. Read the announcement at
<http://www.reuters.com/article/pressRelease/idUS175619+29-Oct-2009+BW200910
29> and more about dot-TM at
<http://www.zdnet.com.au/news/business/soa/-TM-domain-back-on-the-market/0,1
39023166,120272805,00.htm?omnRef=http://www.nic.tm/pressquotes.html<http://www.zdnet.com.au/news/business/soa/-TM-domain-back-on-the-market/0,1%0A39023166,120272805,00.htm?omnRef=http://www.nic.tm/pressquotes.html>
>.
* VeriSign launches boot camp, tools and training to aid DNSSEC deployment:
VeriSign has created a technical "boot camp" program to train registrars,
ISPs and larger registrants in DNSSEC assessment and implementation. The
effort also includes an interoperability lab that will allow vendors to
evaluate how their equipment works with DNSSEC. Network and computing
equipment manufacturers also are being invited to VeriSign to review how
DNSSEC will work with their equipment when DNSSEC is implemented in the .com
and .net TLDs. VeriSign has announced it will deploy DNSSEC in the dot-COM
and dot-NET domains by early 2011 and is working with EDUCAUSE on DNSSEC
deployment in the dot-EDU domain. Read more at
<http://money.cnn.com/news/newsfeeds/articles/marketwire/0558203.htm> and at
the VeriSign DNSSEC resource center at
<http://www.verisign.com/domain-name-services/domain-information-center/dnss
ec-resource-center/index.html<http://www.verisign.com/domain-name-services/domain-information-center/dnss%0Aec-resource-center/index.html>
>.
* Dyn, Inc. reports on testing with dot-ORG: Dyn, Inc. published resources
and updates about its testbed and other preparations for deploying DNSSEC
for dot-ORG zones registered with the company. Read its updates at
<http://dyn.com/DynIncLeadsTheChargeForDNSSEC>.
* NamesBeyond has embedded support for DNSSEC. They offer DNSSEC management
and configuration, allowing customers to configure DNSSEC parameters such as
key type, size, validity period, supporting both NSEC and NSEC3 parameters.
More information can be found at <http://www.namesbeyond.com/dnssec/>.
Dot-ORG documents "the DNSSEC groundswell:" A blog post from dot-ORG, the
Public Interest Registry, details the "groundswell" of progress toward
DNSSEC deployment, from major steps such as the U.S. federal government
mandate for agencies to deploy DNSSEC to PayPal's support for the security
extensions. Read the summary at <http://blog.pir.org/?p=185>.
Infoblox study shows tripling of DNSSEC adoption: Government Computer News
notes that a recent Infoblox and Measurement Factory study of domain name
servers on the Internet found a tripling of zones signed with DNSSEC, based
on a sample of 5 percent of the Internet's IPv4 address space. From the
article: "The scan showed that the number of zones signed using DNSSEC-the
DNS Security Extensions-jumped from 45 to 167 in the past year. 'The
[DNSSEC] numbers in an absolute sense are small,' [Infoblox Vice President
for Architecture Cricket] Liu said. 'But people do seem to be interested in
it. It's catching on'." Read the full article at
<http://gcn.com/Articles/2009/11/10/DNS-survey-DNSSEC.aspx?Page=1>.
ICANN releases DNSSEC policy and practices: A working draft of ICANN's
DNSSEC Policy and Practice Statement for the root-zone key-signing key
operator was issued in November, codifying practices for management and
issuing of DNS keys in keeping with U.S. Department of Commerce
requirements. Read the draft at
<http://www.ntia.doc.gov/DNS/ICANN_dnssecDraft_091112.txt>.
ENISA, the European Network and Information Security Agency, has issued a
report, "Study on the costs of DNSSEC Deployment"
<http://www.enisa.europa.eu/act/res/technologies/tech/dnsseccosts>.
The purpose of the report is to study the costs of DNSSEC deployment, assess
the required changes of roles required by DNSSEC deployment, and analyze the
investments that deployment of DNSSEC would require. The study concludes,
among its many findings, that the cost of deployment will be lowest among
pure registrars and higher for registries and zone operators.
Workshops to update your DNSSEC knowledge: Here are forthcoming conferences,
workshops and sessions focused on helping you deploy and understand DNSSEC
and related issues:
* DNSSEC deployment to be featured at FOSE 2010: A special presentation,
"What's Next in DNSSEC: Securing the Domain Name System" will be presented
at FOSE, the conference and exhibition for the U.S. government IT community,
on Wednesday, March 24, 2010 from 10:30 a.m. to 4:30 p.m. Registration for
the session will begin in November 2009 and is open to all FOSE and
GovSec/U.S. Law attendees; pre-registration is required for the session,
which is free. The day-long session will assess the U.S. federal response to
securing its domains; examine challenges faced by agencies deploying DNSSEC;
and share lessons learned and next steps as DNSSEC is deployed in other
sectors. Software and hardware naming solutions also will be presented to
update participants on available options for automating or easing deployment
challenges. The session is organized by the DNSSEC Deployment Coordination
Initiative and supported by the U.S. Department of Homeland Security. To
exhibit in the DNSSEC Pavilion at FOSE, contact Don Berey, Show Director at
703-876-5073 or send him an email at <dberey at 1105govinfo.com>. For more
information on the session or to register, go to
<http://fose.com/events/fose-2010/tracks/whats-next-in-dnssec.aspx>.
* ICANN to Nairobi: ICANN's 37th meeting will be held in Nairobi, Kenya,
March 7-12, 2010. For details, go to <http://nbo.icann.org/>.
* IETF to California: IETF will convene its 77th meeting in Anaheim,
Calif., March 21-26. For more on upcoming IETF meetings, go to
<http://www.ietf.org/meeting/upcoming.html>.
DNSSEC This Month,
Vol. 4, No. 12, December 1, 2009
ISSN 1932-6564
#############################################################
This message is sent to you because you are subscribed to
the mailing list <news at dnssec-deployment.org>.
To unsubscribe, E-mail to: <news-unsubscribe at dnssec-deployment.org>
Send administrative queries to <news-request at dnssec-deployment.org>
--
Anne-Rachel Inne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20091201/e3905d2b/attachment-0001.htm
More information about the AfrICANN
mailing list