I would be glad to help with signing. I have experience signing some small zones
Mehmet > On Nov 6, 2014, at 7:09 AM, Dr Eberhard Lisse <[email protected]> wrote: > > Julie, > > as a heads up, the TechWg is considering to do a very lightweight key > signing ceremony. Ie something for small (cc)TLDs, just the technical > side, not the two-person rule thing. > > I'd like to have Rick Lamb help us if he can, but don't know who to ask. > > If that works out I would like to see this becoming a regular > occurrence. And if that worked one could even look at increasing the > levels... > > el > > >> On 2014-11-06 16:07, Julie Hedlund wrote: >> Call for Participation -- ICANN DNSSEC Workshop at ICANN 52 in Singapore >> >> >> >> The DNSSEC Deployment Initiative and the Internet Society Deploy360 >> Programme, in cooperation with the ICANN Security and Stability Advisory >> Committee (SSAC), are planning a DNSSEC Workshop at the ICANN 52 meeting >> on 11 February 2015 in Singapore. The DNSSEC Workshop has been a part >> of ICANN meetings for several years and has provided a forum for both >> experienced and new people to meet, present and discuss current and >> future DNSSEC deployments. For reference, the most recent session was >> held at the ICANN meeting in Los Angeles on 15 October 2014. The >> presentations and transcripts are >> available at: http://la51.icann.org/en/schedule/wed-dnssec. >> >> >> >> We are seeking presentations on the following topics: >> >> >> >> 1. DNSSEC activities in Asia >> >> >> >> For this panel we are seeking participation from those who have >> been involved in DNSSEC deployment in Asia and also from those who have >> not deployed DNSSEC but who have a keen interest in the challenges and >> benefits of deployment. In particular, we will consider the following >> questions: What can DNSSEC do for you? What doesn't it do? What are >> the internal tradeoffs to implementing DNSSEC? What did you learn in >> your deployment of DNSSEC? We are interested in presentations from both >> people involved with the signing of domains and people involved with the >> deployment of DNSSEC-validating DNS resolvers. >> >> >> >> 2. Potential impacts of Root Key Rollover >> >> >> >> Given many concerns about the need to do a Root Key Rollover, we would >> like to bring together a panel of people who can talk about what the >> potential impacts may be to ISPs, equipment providers and end users, and >> also what can be done to potentially mitigate those issues. In >> particular, we are seeking participation from vendors, ISPs, and the >> community that will be affected by distribution of new root keys. We >> would like to be able to offer suggestions out of this panel to the >> wider technical community. If you have a specific concern about the >> Root Key Rollover, or believe you have a method or solution to help >> address impacts, we would like to hear from you. >> >> >> >> 3. New gTLD registries and administrators implementing DNSSEC >> >> >> >> With the launch of the new gTLDs, we are interested in hearing from >> registries and operators of new gTLDs about what systems and processes >> they have implemented to support DNSSEC. As more gTLDs are launched, is >> there DNSSEC-related information that can be shared to help those >> launches go easier? >> >> >> >> 4. Guidance for Registrars in supporting DNSSEC >> >> >> >> The 2013 Registrar Accreditation Agreement (RAA) for registrars and >> resellers requires them to support DNSSEC from January 1, 2014. We are >> seeking presentations discussing: >> >> * What are the specific technical requirements of the RAA and how can >> registrars meet those requirements? >> >> * What tools and systems are available for registrars that include >> DNSSEC support? >> >> * What information do registrars need to provide to >> resellers and ultimately customers? >> >> >> >> We are particularly interested in hearing from registrars who have >> signed the 2013 RAA and have either already implemented DNSSEC support >> or have a plan for doing so. >> >> >> 5. APIs between the Registrars and DNS hosting operators >> >> >> >> One specific area that has been identified as needing focus is the >> communication between registrars and DNS hosting operators, specifically >> when these functions are provided by different entities. Currently, the >> communication, such as the transfer of a DS record, often occurs by way >> of the domain name holder copying and pasting information from one web >> interface to another. How can this be automated? We would welcome >> presentations by either registrars or DNS hosting operators who have >> implemented APIs for the communication of DNSSEC information, or from >> people with ideas around how such APIs could be constructed. >> >> >> >> 6. Implementing DNSSEC validation at Internet Service Providers (ISPs) >> >> >> Internet Service Providers (ISPs) play a critical role by enabling >> DNSSEC validation for the caching DNS resolvers used by their customers. >> We have now seen massive rollouts of DNSSEC validation within large >> North American ISPs and at ISPs around the world. We are interested in >> presentations on topics such as: >> >> * What does an ISP need to do to prepare its network for implementing >> DNSSEC validation? >> >> * How does an ISP need to prepare its support staff and technical staff >> for the rollout of DNSSEC validation? >> >> * What measurements are available about the degree of DNSSEC validation >> currently deployed? >> >> * What tools are available to help an ISP deploy DNSSEC validation? >> >> * What are the practical server-sizing impacts of enabling DNSSEC >> validation on ISP DNS Resolvers (ex. cost, memory, CPU, bandwidth, >> technical support, etc.)? >> >> >> >> 7. The operational realities of running DNSSEC >> >> >> >> Now that DNSSEC has become an operational norm for many >> registries, registrars, and ISPs, what have we learned about how we >> manage DNSSEC? What is the best practice around key rollovers? How often >> do you review your disaster recovery procedures? Is there operational >> familiarity within your customer support teams? What operational >> statistics have we gathered about DNSSEC? Are there experiences being >> documented in the form of best practices, or something similar, for >> transfer of signed zones? >> >> >> >> 8. DNSSEC automation >> >> >> >> For DNSSEC to reach massive deployment levels it is clear that a higher >> level of automation is required than is currently available. Topics for >> which we would like to see presentations include: >> >> * What tools, systems and services are available to help automate DNSSEC >> key management? >> >> * Can you provide an analysis of current tools/services and identify gaps? >> >> * Where are the best opportunities for automation within DNSSEC signing >> and validation processes? >> >> * What are the costs and benefits of different approaches to automation? >> >> >> >> 9. When unexpected DNSSEC events occur >> >> >> >> What have we learned from some of the operational outages that we >> have seen over the past 18 months? Are there lessons that we can pass on >> to those just about to implement DNSSEC? How do you manage dissemination >> of information about the outage? What have you learned about >> communications planning? Do you have a route to ISPs and registrars? How >> do you liaise with your CERT community? >> >> >> >> 10. DANE and DNSSEC applications >> >> >> >> There is strong interest for DANE usage within web transactions as well >> as for securing email and Voice-over-IP (VoIP). We are seeking >> presentations on topics such as: >> >> * What are some of the new and innovative uses of DANE and other DNSSEC >> applications in new areas or industries? >> >> * What tools and services are now available that can support DANE usage? >> >> * How soon could DANE and other DNSSEC applications become a deployable >> reality? >> >> * How can the industry use DANE and other DNSSEC applications as a >> mechanism for creating a more secure Internet? >> >> >> >> We would be particularly interested in any live demonstrations of DNSSEC >> / DANE applications and services. For example, a demonstration of the >> actual process of setting up a site with a certificate stored in a TLSA >> record that correctly validates would be welcome. Demonstrations of new >> tools that make the setup of DNSSEC or DANE more automated would also be >> welcome. >> >> >> 11. DANE / DNSSEC as a way to secure email >> >> >> >> The DNS-based Authentication of Named Entities (DANE) protocol is an >> exciting development where DNSSEC can be used to provide a strong >> additional trust layer for traditional SSL/TLS certificates. We are both >> pleased and intrigued by the growing usage of DANE and DNSSEC as a means >> of providing added security for email. Multiple email servers have added >> support for DANE records to secure TLS/SSL connections. Some email >> providers are marketing DNSSEC/DANE support. We would like to have a >> panel at ICANN 51 focusing on this particular usage of DANE. Are you a >> developer of an email server or client supporting DANE? Do you provide >> DANE / DNSSEC support in your email service? Can you provide a brief >> case study of what you have done to implement DANE / DNSSEC? Can you >> talk about any lessons you learned in the process? >> >> >> >> 12. DNSSEC and DANE in the enterprise >> >> >> >> Enterprises can play a critical role in both providing DNSSEC validation >> to their internal networks and also through signing of the domains owned >> by the enterprise. We are seeking presentations from enterprises that >> have implemented DNSSEC on validation and/or signing processes and can >> address questions such as: >> >> * What are the benefits to enterprises of rolling out DNSSEC validation? >> And how do they do so? >> >> * What are the challenges to deployment for these organizations and how >> could DANE and other DNSSEC applications address those challenges? >> >> * How should an enterprise best prepare its IT staff and network to >> implement DNSSEC? >> >> * What tools and systems are available to assist enterprises in the >> deployment of DNSSEC? >> >> * How can the DANE protocol be used within an enterprise to bring a >> higher level of security to transactions using SSL/TLS certificates? >> >> >> >> 13. Hardware Security Modules (HSMs) use cases and innovation >> >> >> >> We are interested in demonstrations of HSMs, presentations of >> HSM-related innovations and real world use cases of HSMs and key >> management. >> >> >> >> In addition, we welcome suggestions for additional topics. >> >> >> >> If you are interested in participating, please send a brief (1-2 >> sentence) description of your proposed presentation to dnssec- >> <mailto:[email protected]>[email protected] >> <mailto:[email protected]> by **Wednesday, 03 December 2014** >> >> >> >> We hope that you can join us. >> >> >> >> Thank you, >> >> >> >> Julie Hedlund >> >> >> >> On behalf of the DNSSEC Workshop Program Committee: >> >> Mark Elkins, DNS/ZACR >> >> Cath Goulding, Nominet UK >> >> Jean Robert Hountomey, AfricaCERT >> >> Jacques Latour, .CA >> >> Xiaodong Lee, CNNIC >> >> Luciano Minuchin, NIC.AR >> >> Russ Mundy, Parsons >> >> Ondřej Surý, CZ.NIC >> >> Yoshiro Yoneya, JPRS >> >> Dan York, Internet Society > > -- > Dr. Eberhard W. Lisse \ / Obstetrician & Gynaecologist (Saar) > [email protected] / * | Telephone: +264 81 124 6733 (cell) > PO Box 8421 \ / > Bachbrecht, Namibia ;____/
