<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<span style="font-size:11.0pt"></span><o:p></o:p>
<div class="moz-forward-container">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Call for
Participation -- ICANN DNSSEC Workshop at ICANN60 in Abu
Dhabi, UAE</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The DNSSEC
Deployment Initiative and the Internet Society Deploy360
Programme, in cooperation with the ICANN Security and
Stability Advisory Committee (SSAC), are planning a DNSSEC
Workshop during the ICANN60 meeting held from 01 November
2017 in Abu Dhabi, UAE tentatively from 0900-1500 local
time. The DNSSEC Workshop has been a part of ICANN meetings
for several years and has provided a forum for both
experienced and new people to meet, present and discuss
current and future DNSSEC deployments. For reference, the
most recent session was held at the ICANN Policy Forum in
Johannesburg, South Africa. The presentations and
transcripts are available at: <a
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__schedule.icann.org_event_B3zi_dnssec-2Dworkshop&d=DwMGaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=adDIs0WEx_lLwFfrsdovxTYY8GkRHo5ibc8SR3Npdh8&m=RkPFMRf9EqsrrN7ZFVH385gStAmgF85U3zntp5XrRGQ&s=J7TgXYPE2UYLcqpX5U0JddoIDH2Qe0ORRrwfnMRtwcY&e="
moz-do-not-send="true">https://schedule.icann.org/event/B3zi/dnssec-workshop[schedule.icann.org]</a>.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">At ICANN60
we are particularly interested in live demonstrations of
uses of DNSSEC or DANE. Examples might include:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Innovative
uses of APIs to do something new and different using
DNSSEC/DANE.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Email
clients and servers using DNSSEC, OPENPGPKEY, or S/MIME for
secure email.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* DNSSEC
automation and deployment using CDS, CDNSKey, and CSYNC.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* DNSSEC
signing solutions and innovation.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Tools for
automating the generation of DNSSEC/DANE records.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Services
for monitoring or managing DNSSEC signing or validation.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Tools or
services for using DNSSEC/DANE along with other existing
protocols and</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> services
such as SSH, XMPP, SMTP, S/MIME or PGP/GPG.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Our interest
is to provide current examples of the state of development
and to show real-world examples of how DNSSEC and DANE
related innovation can be used to increase the overall
security of the Internet.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We are open
to presentations and demonstrations related to any topic
associated with DNSSEC and DANE. Examples of the types of
topics we are seeking include:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">1. DNSSEC
activities in the Middle East Region</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">For this
panel we are seeking participation from those who have been
involved in DNSSEC deployment in the region and also from
those who have not deployed DNSSEC but who have a keen
interest in the challenges and benefits of deployment. In
particular, we will consider the following questions: Are
you interested in reporting on DNSSEC validation of your
ISPs? What can DNSSEC do for you? What doesn't it do? What
are the internal tradeoffs to implementing DNSSEC? What did
you learn in your deployment of DNSSEC? We are interested
in presentations from both people involved with the signing
of domains and people involved with the deployment of
DNSSEC-validating DNS resolvers.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">2. Impact
and Results of Root Key Rollover</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Following
the Root Key Rollover, we would like to bring together a
panel of people who can talk about the impacts to ISPs,
equipment providers and end users, and also what was done to
mitigate those issues. In particular, we are seeking
participation from vendors, ISPs, and the community that may
have been affected by distribution of new root keys. you
have a specific concern about the Root Key Rollover we would
like to hear from you.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">3.
Implementing next generation DNSSEC signing at Registries
and DNS Operators</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Now that
DNSSEC technology has matured many Registries and DNS
Operators have upgraded their legacy DNSSEC signing services
with innovative solutions. </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Real world
use cases of HSMs and key management.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Signing at
the edge</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We would be
interested in seeing presentations or demonstrations on
those topics.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">4. The
operational realities of running DNSSEC</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Now that
DNSSEC has become an operational norm for many registries,
registrars, and ISPs, what have we learned about how we
manage DNSSEC? What is the best practice around your local
key rollovers? How often do you review your disaster
recovery procedures? Is there operational familiarity within
your customer support teams? What operational statistics
have we gathered about DNSSEC? Are there experiences being
documented in the form of best practices, or something
similar, for transfer of signed zones?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">5. DANE and
DNSSEC application automation</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">For DNSSEC
to reach massive deployment levels it is clear that a higher
level of automation is required than is currently available.
There also is strong interest for DANE usage within web
transactions as well as for securing email and Voice-over-IP
(VoIP). We are seeking presentations on topics such as:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* How can
the industry use DANE and other DNSSEC applications as a
mechanism for creating a more secure Internet?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* What
tools, systems and services are available to help automate
DNSSEC key management?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Can you
provide an analysis of current tools/services and identify
gaps?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* What are
some of the new and innovative uses of DANE and other DNSSEC
applications in new areas or industries?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* What tools
and services are now available that can support DANE usage?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We would be
particularly interested in any live demonstrations of DNSSEC
/ DANE application automation and services. Demonstrations
of new tools that make the setup of DNSSEC or DANE more
automated would also be welcome.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">6. DNSSEC
and DANE in the enterprise and in the enterprise tool set</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Enterprises
and enterprise software can play a critical role in both
providing DNSSEC validation to their internal networks and
also through signing of the domains owned by the enterprise.
We are seeking presentations from enterprises and enterprise
software providers that have implemented DNSSEC on
validation and/or signing processes and can address
questions such as:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* What
enterprise software support or plan do you have to support
DNSSEC?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* What are
the benefits to enterprises of rolling out DNSSEC
validation? And how do they do so?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* What are
the challenges to deployment for these organizations and how
could DANE and other DNSSEC applications address those
challenges?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* How should
an enterprise best prepare its IT staff and network to
implement DNSSEC?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* What
enterprise tools and systems are available to assist
enterprises in the deployment of DNSSEC?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* How can
the DANE protocol be used within an enterprise to bring a
higher level of security to transactions using SSL/TLS
certificates?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">7.
Implementing DNSSEC validation at Internet Service Providers
(ISPs)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Internet
Service Providers (ISPs) play a critical role by enabling
DNSSEC validation for the caching DNS resolvers used by
their customers. We have now seen massive rollouts of
DNSSEC validation within large North American ISPs and at
ISPs around the world. We are interested in presentations
on topics such as:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Can you
describe your experiences with negative Trust Anchors and
operational realities?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* What does
an ISP need to do to prepare its network for implementing
DNSSEC validation? </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* How does
an ISP need to prepare its support staff and technical staff
for the rollout of DNSSEC validation? </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* Can you
provide results and/or impacts of the impact of root key
rollover?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">* What
rollover technique do you use, i.e., RFC 5011 or other?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">In addition,
we welcome suggestions for additional topics.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">If you are
interested in participating, please send a brief (1-2
sentence) description of your proposed presentation to <a
href="mailto:dnssec-abudhabi@isoc.org"
moz-do-not-send="true">dnssec-abudhabi@isoc.org</a> by
**08 September 2017**</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">We hope that
you can join us.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Thank you,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Julie
Hedlund</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">On behalf of
the DNSSEC Workshop Program Committee:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Jean Robert
Hountomey, AfricaCERT</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Jacques
Latour, .CA</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Xiaodong
Lee, CNNIC</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Russ Mundy,
Parsons</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Ondřej
Filip, CZ.NIC</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Yoshiro
Yoneya, JPRS</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Dan York,
Internet Society</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Mark Elkins,
DNS/ZACR</span></p>
<p class="MsoNormal"><br>
</p>
<p class="MsoNormal">ps - My thanks to all Africans that
attended the DNSSEC Workshop in Johannesburg!<br>
<span style="font-size:11.0pt"></span><o:p></o:p></p>
<pre> <o:p></o:p></pre>
</div>
</div>
</body>
</html>