[Community-Discuss] Call for Participation -- ICANN DNSSEC and Security Workshop at ICANN66, Montreal, Canada

Mark Elkins mje at posix.co.za
Thu Sep 12 07:23:14 UTC 2019

Anyone in Africa doing interesting work in DNSSEC or related topics?
Would you like to share with the community?

-------- Forwarded Message --------
Subject: [Dnssec-icann-workshops] Call for Participation -- ICANN
DNSSEC and Security Workshop at ICANN66, Montreal, Canada
Date: Tue, 10 Sep 2019 20:58:24 +0000
From: Kathy Schnitt <kathy.schnitt at icann.org>

Call for Participation -- ICANN DNSSEC and Security Workshop at ICANN66,
Montreal, Canada

The ICANN Security and Stability Advisory Committee (SSAC) and the
Internet Society Deploy360 Programme are planning a DNSSEC  and Security
Workshop during the ICANN66 meeting held from 02-07 November 2019 in
Montreal, Canada.  The original DNSSEC Workshop has been a part of ICANN
meetings for many years and has provided a forum for both experienced
and new people to meet, present and discuss current and future DNSSEC
deployments. The program committee added a new focus on security to the
workshop to address various emerging security related issues such as
DoT/DoH impacts and potential abuses, impacts of RPKI deployments, BGP
hijacking and other Internet related routing issues.

For reference, the most recent session was held at the ICANN Policy
Forum in Marrakech, Morocco on 24 June 2019. The presentations and
transcripts are available at:

The DNSSEC and Security Workshop Program Committee is developing a
3-hour program.  Proposals are sought for the following topic areas:

1. Global DNSSEC Activities Panel

For this panel, we are seeking participation from those who have been
involved in DNSSEC deployment as well as from those who have not
deployed DNSSEC but who have a keen interest in the challenges and
benefits of deployment, including Root Key Signing Key (KSK) Rollover
activities and plans.

2. DNSSEC Best Practice

Now that DNSSEC has become an operational norm for many registries,
registrars, and ISPs, what have we learned about how we manage DNSSEC? 
Do you still submit/accept DS records with Digest Type 1? What is the
best practice around key roll-overs?  What about Algorithm roll-overs?
Do you use and support DNSKEY Algorithms 13-16? How often do you review
your disaster recovery procedures? Is there operational familiarity
within your customer support teams? What operational statistics have we
gathered about DNSSEC? Are there experiences being documented in the
form of best practices, or something similar, for transfer of signed
zones?  Activities and issues related to DNSSEC in the DNS Root Zone are
also desired.

3. DNSSEC Deployment Challenges

The program committee is seeking input from those that are interested in
implementation of DNSSEC but have general or particular concerns with
DNSSEC.  In particular, we are seeking input from individuals that would
be willing to participate in a panel that would discuss questions of the
following nature:

- Are there any policies directly or indirectly impeding your DNSSEC
deployment? (RRR model, CDS/CDNSKEY automation)

- What are your most significant concerns with DNSSEC, e.g., complexity,
training, implementation, operation or something else?

- What do you expect DNSSEC to do for you and what doesn't it do?

- What do you see as the most important trade-offs with respect to doing
or not doing DNSSEC?

4. Security Panel

New to the workshop, the program committee is looking for presentations
on DNS and Routing topics that could impact the security and/or
stability of the internet. .

- DoH and DoT implementation issues, challenges and opportunities

- RPKI adoption and implementation  issues, challenges and opportunities

- BGP/routing/hijack issues, challenges and opportunities

- MANRS implementation challenges and opportunities

- Emerging threats that could impact (real or perceived)  the security
and/or stability of the internet

- Domain hacking/hijacking prevention, best practice and techniques

- Browser related security implementations

- DMARC Challenges, opportunities and Best Practices

- BGP Flowspec challenges, opportunities and Best Practices

In addition, we welcome suggestions for additional topics, either for
inclusion in the ICANN66 workshop, or for consideration for future

If you are interested in participating, please send a brief (1-2
sentence) description of your proposed presentation to
dnssec-montreal at isoc.org <mailto:dnssec-montreal at isoc.org>*by **Friday,
27 September 2019***

Thank you,

Andrew and Kathy

On behalf of the DNSSEC and Security Workshop Program Committee:

Mark Elkins, DNS/ZACR

Jacques Latour, .CA

Russ Mundy, Parsons

Ondrej Filip, CZ.NIC

Yoshiro Yoneya, JPRS

Fred Baker, ISC

Dan York, Internet Society

Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.afrinic.net/pipermail/community-discuss/attachments/20190912/fdbf5776/attachment.html>
-------------- next part --------------
Dnssec-icann-workshops mailing list
Dnssec-icann-workshops at elists.isoc.org

View the Internet Society Code of Conduct: https://www.internetsociety.org/become-a-member/code-of-conduct/

More information about the Community-Discuss mailing list