[AfrICANN-discuss] Fwd: DNSSEC This Month, May 1, 2009, Volume 4, No.5: Thailand's Top Level Domain becomes the first signed ccTLD in Asia, Swiss plan DNSSEC trial, IETF announces new DNSSEC-related Internet draft, and more!

Anne-Rachel Inné annerachel at gmail.com
Sat May 2 08:36:16 SAST 2009

News on DNSSEC.

From: news-editor at dnssec-deployment.org
Date: Fri, May 1, 2009
Subject: DNSSEC This Month, May 1, 2009, Volume 4, No.5: Thailand's Top
Level Domain becomes the first signed ccTLD in Asia, Swiss plan DNSSEC
trial, IETF announces new DNSSEC-related Internet draft, and more!
To: DNSSEC This Month

DNSSEC This Month
ISSN 1932-6564
May 1, 2009
Volume 4, Number 5

Welcome to the May 2009 edition of DNSSEC THIS MONTH, a monthly newsletter
about advances in securing the Internet's naming infrastructure in the
government, business and education sectors. The DNS Security Extensions
(DNSSEC) Deployment Coordination Initiative, which produces this newsletter,
is part of a global effort to deploy new security measures that will help
the DNS perform as people expect it to -- in a trustworthy manner. This
newsletter will offer updates on progress of early adopters and advances in
DNS security extension development. For more information on progress toward
DNSSEC deployment, read the initiative roadmap at <

The U.S. Department of Homeland Security Science and Technology Directorate
provides support for coordination of the Initiative.

For more information, go to <

As of April 30, the SecSpider monitoring site showed 4428 DNSSEC enabled
zones using both KSKs and ZSKs.

Editor: Denise Graveline

Contact: <news-editor at dnssec-deployment.org>

Thailand's Top Level Domain becomes the first signed ccTLD in Asia: On March
30, 2009 .TH became a signed zone and the first signed ccTLD in Asia. Pensri
Arunwatanamongkol, Technical contact for the Thai Network Information
Center, which manages .TH, thanked NSRC (Network Startup Resource Center,
<http://www.nsrc.org/>), .SE (<http://www.iis.se/en/>), NLnet Labs
(<http://www.nlnetlabs.nl/>), and Internet Systems Consortium (ISC,
<www.isc.org>) for their help and support. The DS record corresponding to the
KSK for .TH is stored in IANA's Interim Trust Anchor Repository (ITAR, <

Swiss plan DNSSEC trial: SWITCH (<http://www.switch.ch>), which provides the
nonprofit support for Swiss university networks, is planning a DNSSEC trial
in dot-CH in August or September 2009, with the goal of officially
introducing DNSSEC in February 2010. The group is inviting interested
parties to participate, including the Swiss Network Operators Group,
operators of sensitive websites (such as banks, media companies and more);
hosting providers that sell DNS services; ISPs hosting recursive DNS
resolvers; and partners of SWITCH that will offer DNSSEC as registrars. An
initial meeting will be convened at the end of May. Find the details at
<http://www.mrmouse.ch/swinog-rss/index.php?itemId=4774> or contact them at
<dnssec at switch.ch>.

IETF announces new DNSSEC-related Internet draft: A new Internet draft has
been issued on how to produce GOST signature and hash algorithms DNSKEY and
RRSIG resource records for use in the Domain Name System Security Extensions
(DNSSEC, RFC 4033, RFC 4034, and RFC 4035). For more information and links
go to <http://www.spinics.net/lists/ietf-ann/msg45797.html>.

APWG convenes DNSSEC panel: The Anti-Phishing Working Group convened a panel
at its meeting during the RSA Conference in San Francisco April 22
(<http://dnsseccoalition.org/website/?m=20090422>), featuring speakers from
Secure64; dot-ORG, The Public Interest Registry; Afilias Limited; and
Shinkuro. The RSA Conference also included sessions on DNS cache poisoning
and DNSSEC deployment (<http://www.rsaconference.com/2009/us/index.htm>).

Secure64 CTO interviewed on DNSSEC: In a SANS Institute ‘security thought
leader’ interview, Secure64 Chief Technology Officer Bill Worley said of
DNSSEC, “Once we can implement this globally…SSL actually becomes
trustworthy.” Worley, whose company has issued DNSSEC key management and
zone signing software, called DNS Signer, discusses why DNSSEC interests him
as well as broader security topics. Read the full interview here: <

NIST DNSSEC deployment described: Government Computer News issued two
articles describing efforts at the U.S. National Institute of Standards and
Technology to deploy DNSSEC across the dot-GOV domain. “How NIST put DNSSEC
into play” looks at NIST’s efforts to deploy DNSSEC at its agency for a full
year before government-wide deployment (read the full article at
<http://gcn.com/Articles/2009/04/06/NIST-DNSsec-in-play.aspx>) and “Walk,
don’t run, to DNSSEC deployment” (at
<http://gcn.com/articles/2009/04/06/nist-dnssec-lessons.aspx>) offers steps
to take when preparing for DNSSEC deployment.

RFCs turn 40: Initiative partner and Shinkuro CEO Steve Crocker reflects on
the 40th anniversary of Requests for Comments in “How the Internet Got Its
Rules,” an opinion article that appeared in the New York Times April 7. Read
the article here
(<http://www.nytimes.com/2009/04/07/opinion/07crocker.html?_r=1&emc=eta1>) and
see the list of DNSSEC-related RFCs here: <

.GOV NSEC3 DNSSEC Key added to DLV Tree: The DNS-OARC has announced that the
SEP key for the .GOV TLD will be re-inserted into the DLV. The .GOV TLD was
removed from the DLV when it was discovered that the presence of an NSEC3 KSK
in the DLV was causing validation errors in some clients. Validators that
fail when encountering an NSEC3 signed zone need to be upgraded to a
validating resolver that understands NSEC3 responses. See
<https://www.dns-oarc.net/oarc/services/dlvtest> for more information on the
DLV NSEC3 test zone and NSEC3 SEP key information in the DLV.

Workshops help networks, organizations deploy DNSSEC: While the protocols
needed to add additional security to DNS queries and responses exist,
network administrators and organizational leaders in all sectors need to
accept DNSSEC and put it to use. Here’s a roundup of speakers and sessions
that may help you work through deployment:

RIPE 58 in Amsterdam: RIPE convenes its next meeting in Amsterdam, May 4-8,
including these DNSSEC-related sessions: DNSSEC PMTU Observations from
UCLA’s Eric Osterweil will be one of the plenary topics, and Shinkuro’s
Olafur Gudmundsson will give an overview of DNSSEC Trust Anchor options on
May 5. Go here to register and for more information: <

OARC workshop also in Amsterdam: The DNS Operations, Analysis, and Research
Center (DNS-OARC) will hold its first workshop of 2009 in Amsterdam,
following the RIPE meeting. Olafur Gudmundsson of Shinkuro will discuss
“Transferring DNSSEC Signed Domains” and will join a panel on DNSSEC Trust
Anchor Repositories on Saturday, May 8. Go here for registration and program
details: <https://www.dns-oarc.net/oarc/workshop-200905>.

FISC 2009 in Colorado Springs: The Federal Information Security Conference
(FISC 2009) meeting (June 3-4) will have a DNSSEC session featuring
government and industry speakers. For more information, go to <

ICANN to Sydney in June: ICANN’s Sydney meeting is slated for June 21-26,
with a DNSSEC workshop on the program June 24. Go here for general program
information (<http://syd.icann.org/>) and here for DNSSEC workshop details

IETF to Stockholm in July: IETF meets July 26-31 in Stockholm. Find the
program and registration information at <


Anne-Rachel Inne
