<div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername"><a href="mailto:news@dnssec-deployment.org">news@dnssec-deployment.org</a></b> <span dir="ltr"><<a href="mailto:jeffrey@shinkuro.com">jeffrey@shinkuro.com</a>></span><br>
Date: Tue, Dec 1, 2009 at 7:10 PM<br>Subject: DNSSEC This Month, December 1, 2009, Volume 4, No. 12, Deployment watch: Penn, dot-TM, VeriSign, Dyn and NamesBeyond, Dot-ORG documents "the DNSSEC groundswell",and more!<br>
To: DNSSEC This Month <<a href="mailto:news@dnssec-deployment.org">news@dnssec-deployment.org</a>><br><br><br>DNSSEC This Month<br>
ISSN 1932-6564<br>
December 1, 2009<br>
Volume 4, Number 12<br>
<br>
<br>
Welcome to the December 2009 edition of DNSSEC THIS MONTH, a monthly<br>
newsletter about advances in securing the Internet's naming infrastructure<br>
in the government, business and education sectors. The DNS Security<br>
Extensions (DNSSEC) Deployment Coordination Initiative, which produces this<br>
newsletter, is part of a global effort to deploy new security measures that<br>
will help the DNS perform as people expect it to -- in a trustworthy manner.<br>
This newsletter will offer updates on progress of early adopters and<br>
advances in DNS security extension development. For more information on<br>
progress toward DNSSEC deployment, read the initiative roadmap at<br>
<<a href="http://www.dnssec-deployment.org/technology/roadmap.htm" target="_blank">http://www.dnssec-deployment.org/technology/roadmap.htm</a>.><br>
<br>
The U.S. Department of Homeland Security Science and Technology Directorate<br>
provides support for coordination of the Initiative.<br>
<br>
To subscribe, please send a message to<br>
<<a href="mailto:news-subscribe@dnssec-deployment.org">news-subscribe@dnssec-deployment.org</a>><br>
<br>
To unsubscribe, please send a message to<br>
<<a href="mailto:news-unsubscribe@dnssec-deployment.org">news-unsubscribe@dnssec-deployment.org</a>><br>
<br>
For more information, go to<br>
<<a href="http://www.dnssec-deployment.org/news/dnssecthismonth" target="_blank">http://www.dnssec-deployment.org/news/dnssecthismonth</a>><br>
<br>
<br>
As of November 30, the SecSpider monitoring site showed 4817 DNSSEC enabled<br>
zones using both KSKs and ZSKs.<br>
<br>
<br>
Editor: Denise Graveline<br>
<br>
Contact: <<a href="mailto:news-editor@dnssec-deployment.org">news-editor@dnssec-deployment.org</a>><br>
<br>
<br>
Deployment watch: Penn, dot-TM, VeriSign, Dyn and NamesBeyond: Help this<br>
newsletter stay up-to-date on your organization's deployment news by<br>
submitting information about your DNSSEC deployment deadlines, test beds or<br>
other progress to <<a href="mailto:tldwatch@shinkuro.com">tldwatch@shinkuro.com</a>>. This month's updates include:<br>
<br>
* University of Pennsylvania first U.S. university to deploy: The<br>
University of Pennsylvania announced it is the first U.S. university to<br>
implement DNSSEC across the entire institution. Shumon Huque, a Penn IT<br>
technical director, also is working with EDUCAUSE to secure the dot-EDU<br>
top-level domain "Higher education can take a leadership role in securing<br>
the DNS," Huque said. "If a few universities in advanced networking adopt<br>
DNSSEC and share experiences, we can make broad deployment more<br>
straightforward for the larger community." Read the announcement at<br>
<<a href="http://www.upenn.edu/almanac/volumes/v56/n11/dns.html" target="_blank">http://www.upenn.edu/almanac/volumes/v56/n11/dns.html</a>>.<br>
<br>
* Turkmenistan announces DNSSEC deployment: Turkmenistan's dot-TM domain<br>
registry has launched DNSSEC. While not a trademark registry, it encourages<br>
trademark owners to register dot-TM names. Read the announcement at<br>
<<a href="http://www.reuters.com/article/pressRelease/idUS175619+29-Oct-2009+BW200910" target="_blank">http://www.reuters.com/article/pressRelease/idUS175619+29-Oct-2009+BW200910</a><br>
29> and more about dot-TM at<br>
<<a href="http://www.zdnet.com.au/news/business/soa/-TM-domain-back-on-the-market/0,1%0A39023166,120272805,00.htm?omnRef=http://www.nic.tm/pressquotes.html" target="_blank">http://www.zdnet.com.au/news/business/soa/-TM-domain-back-on-the-market/0,1<br>
39023166,120272805,00.htm?omnRef=http://www.nic.tm/pressquotes.html</a>>.<br>
<br>
* VeriSign launches boot camp, tools and training to aid DNSSEC deployment:<br>
VeriSign has created a technical "boot camp" program to train registrars,<br>
ISPs and larger registrants in DNSSEC assessment and implementation. The<br>
effort also includes an interoperability lab that will allow vendors to<br>
evaluate how their equipment works with DNSSEC. Network and computing<br>
equipment manufacturers also are being invited to VeriSign to review how<br>
DNSSEC will work with their equipment when DNSSEC is implemented in the .com<br>
and .net TLDs. VeriSign has announced it will deploy DNSSEC in the dot-COM<br>
and dot-NET domains by early 2011 and is working with EDUCAUSE on DNSSEC<br>
deployment in the dot-EDU domain. Read more at<br>
<<a href="http://money.cnn.com/news/newsfeeds/articles/marketwire/0558203.htm" target="_blank">http://money.cnn.com/news/newsfeeds/articles/marketwire/0558203.htm</a>> and at<br>
the VeriSign DNSSEC resource center at<br>
<<a href="http://www.verisign.com/domain-name-services/domain-information-center/dnss%0Aec-resource-center/index.html" target="_blank">http://www.verisign.com/domain-name-services/domain-information-center/dnss<br>
ec-resource-center/index.html</a>>.<br>
<br>
* Dyn, Inc. reports on testing with dot-ORG: Dyn, Inc. published resources<br>
and updates about its testbed and other preparations for deploying DNSSEC<br>
for dot-ORG zones registered with the company. Read its updates at<br>
<<a href="http://dyn.com/DynIncLeadsTheChargeForDNSSEC" target="_blank">http://dyn.com/DynIncLeadsTheChargeForDNSSEC</a>>.<br>
<br>
* NamesBeyond has embedded support for DNSSEC. They offer DNSSEC management<br>
and configuration, allowing customers to configure DNSSEC parameters such as<br>
key type, size, validity period, supporting both NSEC and NSEC3 parameters.<br>
More information can be found at <<a href="http://www.namesbeyond.com/dnssec/" target="_blank">http://www.namesbeyond.com/dnssec/</a>>.<br>
<br>
Dot-ORG documents "the DNSSEC groundswell:" A blog post from dot-ORG, the<br>
Public Interest Registry, details the "groundswell" of progress toward<br>
DNSSEC deployment, from major steps such as the U.S. federal government<br>
mandate for agencies to deploy DNSSEC to PayPal's support for the security<br>
extensions. Read the summary at <<a href="http://blog.pir.org/?p=185" target="_blank">http://blog.pir.org/?p=185</a>>.<br>
<br>
Infoblox study shows tripling of DNSSEC adoption: Government Computer News<br>
notes that a recent Infoblox and Measurement Factory study of domain name<br>
servers on the Internet found a tripling of zones signed with DNSSEC, based<br>
on a sample of 5 percent of the Internet's IPv4 address space. From the<br>
article: "The scan showed that the number of zones signed using DNSSEC-the<br>
DNS Security Extensions-jumped from 45 to 167 in the past year. 'The<br>
[DNSSEC] numbers in an absolute sense are small,' [Infoblox Vice President<br>
for Architecture Cricket] Liu said. 'But people do seem to be interested in<br>
it. It's catching on'." Read the full article at<br>
<<a href="http://gcn.com/Articles/2009/11/10/DNS-survey-DNSSEC.aspx?Page=1" target="_blank">http://gcn.com/Articles/2009/11/10/DNS-survey-DNSSEC.aspx?Page=1</a>>.<br>
<br>
ICANN releases DNSSEC policy and practices: A working draft of ICANN's<br>
DNSSEC Policy and Practice Statement for the root-zone key-signing key<br>
operator was issued in November, codifying practices for management and<br>
issuing of DNS keys in keeping with U.S. Department of Commerce<br>
requirements. Read the draft at<br>
<<a href="http://www.ntia.doc.gov/DNS/ICANN_dnssecDraft_091112.txt" target="_blank">http://www.ntia.doc.gov/DNS/ICANN_dnssecDraft_091112.txt</a>>.<br>
<br>
ENISA, the European Network and Information Security Agency, has issued a<br>
report, "Study on the costs of DNSSEC Deployment"<br>
<<a href="http://www.enisa.europa.eu/act/res/technologies/tech/dnsseccosts" target="_blank">http://www.enisa.europa.eu/act/res/technologies/tech/dnsseccosts</a>>.<br>
The purpose of the report is to study the costs of DNSSEC deployment, assess<br>
the required changes of roles required by DNSSEC deployment, and analyze the<br>
investments that deployment of DNSSEC would require. The study concludes,<br>
among its many findings, that the cost of deployment will be lowest among<br>
pure registrars and higher for registries and zone operators.<br>
<br>
Workshops to update your DNSSEC knowledge: Here are forthcoming conferences,<br>
workshops and sessions focused on helping you deploy and understand DNSSEC<br>
and related issues:<br>
<br>
* DNSSEC deployment to be featured at FOSE 2010: A special presentation,<br>
"What's Next in DNSSEC: Securing the Domain Name System" will be presented<br>
at FOSE, the conference and exhibition for the U.S. government IT community,<br>
on Wednesday, March 24, 2010 from 10:30 a.m. to 4:30 p.m. Registration for<br>
the session will begin in November 2009 and is open to all FOSE and<br>
GovSec/U.S. Law attendees; pre-registration is required for the session,<br>
which is free. The day-long session will assess the U.S. federal response to<br>
securing its domains; examine challenges faced by agencies deploying DNSSEC;<br>
and share lessons learned and next steps as DNSSEC is deployed in other<br>
sectors. Software and hardware naming solutions also will be presented to<br>
update participants on available options for automating or easing deployment<br>
challenges. The session is organized by the DNSSEC Deployment Coordination<br>
Initiative and supported by the U.S. Department of Homeland Security. To<br>
exhibit in the DNSSEC Pavilion at FOSE, contact Don Berey, Show Director at<br>
703-876-5073 or send him an email at <<a href="mailto:dberey@1105govinfo.com">dberey@1105govinfo.com</a>>. For more<br>
information on the session or to register, go to<br>
<<a href="http://fose.com/events/fose-2010/tracks/whats-next-in-dnssec.aspx" target="_blank">http://fose.com/events/fose-2010/tracks/whats-next-in-dnssec.aspx</a>>.<br>
<br>
* ICANN to Nairobi: ICANN's 37th meeting will be held in Nairobi, Kenya,<br>
March 7-12, 2010. For details, go to <<a href="http://nbo.icann.org/" target="_blank">http://nbo.icann.org/</a>>.<br>
<br>
* IETF to California: IETF will convene its 77th meeting in Anaheim,<br>
Calif., March 21-26. For more on upcoming IETF meetings, go to<br>
<<a href="http://www.ietf.org/meeting/upcoming.html" target="_blank">http://www.ietf.org/meeting/upcoming.html</a>>.<br>
<br>
<br>
DNSSEC This Month,<br>
Vol. 4, No. 12, December 1, 2009<br>
ISSN 1932-6564<br>
<br>
<br>
#############################################################<br>
This message is sent to you because you are subscribed to<br>
the mailing list <<a href="mailto:news@dnssec-deployment.org">news@dnssec-deployment.org</a>>.<br>
To unsubscribe, E-mail to: <<a href="mailto:news-unsubscribe@dnssec-deployment.org">news-unsubscribe@dnssec-deployment.org</a>><br>
Send administrative queries to <<a href="mailto:news-request@dnssec-deployment.org">news-request@dnssec-deployment.org</a>><br>
<br>
</div><br><br clear="all"><br>-- <br>Anne-Rachel Inne<br>