Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN77 Policy Forum

2023-04-13 Thread Jacques Latour 
Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN77 Policy 
Forum



In cooperation with the ICANN Security and Stability Advisory Committee (SSAC), 
we are planning a DNSSEC and Security Workshop for the ICANN77 Policy Forum 
being held in Washington, DC and as a hybrid meeting from 12-15 June 2023 in 
the Eastern Time Zone (UTC -4). This workshop date will be determined once 
ICANN creates a block schedule for us to follow; then we will be able to 
request a day and time. The DNSSEC and Security Workshop has been a part of 
ICANN meetings for several years and has provided a forum for both experienced 
and new people to meet, present and discuss current and future DNSSEC 
deployments.  For reference, the most recent session was held at the ICANN76 
Community Forum on Wednesday,  15 March 2023. The presentations and transcripts 
are available at: 
https://icann76.sched.com/event/1J2JA/dnssec-and-security-workshop-1-of-3,

https://icann76.sched.com/event/1J2JD/dnssec-and-security-workshop-2-of-3 and

https://icann76.sched.com/event/1J2JE/dnssec-and-security-workshop-3-of-3.


The DNSSEC Workshop Program Committee is developing a program for the upcoming 
meeting.  Proposals will be considered for the following topic areas and 
included if space permits.  In addition, we welcome suggestions for additional 
topics either for inclusion in the ICANN77 workshop, or for consideration for 
future workshops.



1.  Global DNSSEC Activities Panel

For this panel, we are seeking participation from those who have been involved 
in DNSSEC deployment as well as from those who have not deployed DNSSEC but who 
have a keen interest in the challenges and benefits of deployment, including 
Root Key Signing Key (KSK) Rollover activities and plans.



2.  DNSSEC Best Practice

Now that DNSSEC has become an operational norm for many registries, registrars, 
and ISPs, what have we learned about how we manage DNSSEC?


  *   Do you still submit/accept DS records with Digest Type 1?
  *   What is the best practice around key roll-overs?
  *   What about Algorithm roll-overs?
  *   Do you use and support DNSKEY Algorithms 13-16?
  *   How often do you review your disaster recovery procedures?
  *   Is there operational familiarity within your customer support teams?
  *   What operational statistics have been gathered about DNSSEC?
  *   Are there experiences being documented in the form of best practices, or 
something similar, for transfer of signed zones?



Activities and issues related to DNSSEC in the DNS Root Zone are also desired.



3. DNSSEC Deployment Challenges

The program committee is seeking input from those that are interested in 
implementation of DNSSEC but have general or particular concerns with DNSSEC.  
In particular, we are seeking input from individuals that would be willing to 
participate in a panel that would discuss questions of the following nature:


  *   Are there any policies directly or indirectly impeding your DNSSEC 
deployment? (RRR model, CDS/CDNSKEY automation)
  *   What are your most significant concerns with DNSSEC, e.g., complexity, 
training, implementation, operation or something else?
  *   What do you expect DNSSEC to do for you and what doesn't it do?
  *   What do you see as the most important trade-offs with respect to doing or 
not doing DNSSEC?



4. Security Panel

The program committee is looking for presentations on DNS, DNSSEC, routing and 
other topics that could impact the security and/or stability of the Internet.



We are looking for presentations that cover implementation issues, challenges, 
opportunities and best practices for:


  *   Emerging threats that could impact the security and/or stability of the 
Internet
  *   DoH and DoT
  *   RPKI (Resource Public Key Infrastructure)
  *   BGP routing & secure implementations
  *   MANRS ( Mutually Agreed Norms for Routing Security)
  *   Browser security - DNS, DNSSEC, DoH
  *   EMAIL & DNS related security - DMARC, DKIM, TLSA, etc...



If you are interested in participating, please send a brief (1-3 sentence) 
description of your proposed presentation to 
dnssec-security-works...@icann.org 
by Friday, 12 May 2023.



Thank you,

Jacques

On behalf of the DNSSEC Workshop Program Committee:

Steve Crocker, Shinkuro

Mark Elkins, DNS/ZACR

Jacques Latour, .CA

Russ Mundy, Parsons

Ondrej Filip, CZ.NIC

Yoshiro Yoneya, JPRS

Fred Baker, ISC

Dan York, Internet Society

Re: Auth0 geolocation?

2023-04-13 Thread Josh Luthman 
So the contact helped you but the email to support was the fix?  Could you
share the sanitized details of what you sent to support?

On Thu, Apr 13, 2023 at 10:04 AM Tim Burke  wrote:

> I don't believe so. Someone was gracious enough to dip the Akamai DB for
> me... I ended up just emailing supp...@akamai.com after finding the
> discrepancy, waiting for them to finish processing the changes. There's
> gotta be a better way to do this, though!
> --
> *From:* Josh Luthman 
> *Sent:* Thursday, April 13, 2023 8:56:53 AM
> *To:* Tim Burke
> *Cc:* NANOG
> *Subject:* Re: Auth0 geolocation?
>
> Is there a publicly available email address/form/etc that we can put on
> TBW page?
>
> On Thu, Apr 13, 2023 at 9:43 AM Tim Burke  wrote:
>
>> For those following along at home, it appears that Akamai was the
>> culprit. Didn't even know they offered geolocation services! Many thanks
>> and much respect to those who reached out off-list.
>>
>>
>> Best,
>>
>> Tim
>> --
>> *From:* Tim Burke
>> *Sent:* Monday, April 10, 2023 8:29:07 AM
>> *To:* NANOG
>> *Subject:* Re: Auth0 geolocation?
>>
>>
>> Apple and Best Buy are other ones that just came up over the weekend,
>> seems to be spread out across an entire /17. Oddly, we've had this /17 for
>> close to a year and a half, and this is just popping up...
>> --
>> *From:* NANOG  on behalf of Tim
>> Burke 
>> *Sent:* Thursday, April 6, 2023 7:32:41 PM
>> *To:* NANOG
>> *Subject:* Auth0 geolocation?
>>
>> Anyone know who Auth0 is using for geolocation services? Have a customer
>> reporting that Auth0, Lowes, Bank of America, and some other sites are
>> reporting their IP in the wrong location. Checked the usual suspects,
>> BrothersWISP.com geolocation providers list, etcetera and they’re all
>> showing in the correct location.
>>
>> Thanks,
>> Tim
>>
>

Re: Auth0 geolocation?

2023-04-13 Thread Tim Burke 
I don't believe so. Someone was gracious enough to dip the Akamai DB for me... 
I ended up just emailing supp...@akamai.com after finding the discrepancy, 
waiting for them to finish processing the changes. There's gotta be a better 
way to do this, though!


From: Josh Luthman 
Sent: Thursday, April 13, 2023 8:56:53 AM
To: Tim Burke
Cc: NANOG
Subject: Re: Auth0 geolocation?

Is there a publicly available email address/form/etc that we can put on TBW 
page?

On Thu, Apr 13, 2023 at 9:43 AM Tim Burke mailto:t...@mid.net>> 
wrote:

For those following along at home, it appears that Akamai was the culprit. 
Didn't even know they offered geolocation services! Many thanks and much 
respect to those who reached out off-list.


Best,

Tim


From: Tim Burke
Sent: Monday, April 10, 2023 8:29:07 AM
To: NANOG
Subject: Re: Auth0 geolocation?


Apple and Best Buy are other ones that just came up over the weekend, seems to 
be spread out across an entire /17. Oddly, we've had this /17 for close to a 
year and a half, and this is just popping up...


From: NANOG mailto:mid@nanog.org>> on 
behalf of Tim Burke mailto:t...@mid.net>>
Sent: Thursday, April 6, 2023 7:32:41 PM
To: NANOG
Subject: Auth0 geolocation?

Anyone know who Auth0 is using for geolocation services? Have a customer 
reporting that Auth0, Lowes, Bank of America, and some other sites are 
reporting their IP in the wrong location. Checked the usual suspects, 
BrothersWISP.com geolocation providers list, etcetera 
and they’re all showing in the correct location.

Thanks,
Tim

Re: Auth0 geolocation?

2023-04-13 Thread Josh Luthman 
Is there a publicly available email address/form/etc that we can put on TBW
page?

On Thu, Apr 13, 2023 at 9:43 AM Tim Burke  wrote:

> For those following along at home, it appears that Akamai was the culprit.
> Didn't even know they offered geolocation services! Many thanks and much
> respect to those who reached out off-list.
>
>
> Best,
>
> Tim
> --
> *From:* Tim Burke
> *Sent:* Monday, April 10, 2023 8:29:07 AM
> *To:* NANOG
> *Subject:* Re: Auth0 geolocation?
>
>
> Apple and Best Buy are other ones that just came up over the weekend,
> seems to be spread out across an entire /17. Oddly, we've had this /17 for
> close to a year and a half, and this is just popping up...
> --
> *From:* NANOG  on behalf of Tim
> Burke 
> *Sent:* Thursday, April 6, 2023 7:32:41 PM
> *To:* NANOG
> *Subject:* Auth0 geolocation?
>
> Anyone know who Auth0 is using for geolocation services? Have a customer
> reporting that Auth0, Lowes, Bank of America, and some other sites are
> reporting their IP in the wrong location. Checked the usual suspects,
> BrothersWISP.com geolocation providers list, etcetera and they’re all
> showing in the correct location.
>
> Thanks,
> Tim
>

Re: Auth0 geolocation?

2023-04-13 Thread Tim Burke 
For those following along at home, it appears that Akamai was the culprit. 
Didn't even know they offered geolocation services! Many thanks and much 
respect to those who reached out off-list.


Best,

Tim


From: Tim Burke
Sent: Monday, April 10, 2023 8:29:07 AM
To: NANOG
Subject: Re: Auth0 geolocation?


Apple and Best Buy are other ones that just came up over the weekend, seems to 
be spread out across an entire /17. Oddly, we've had this /17 for close to a 
year and a half, and this is just popping up...


From: NANOG  on behalf of Tim Burke 

Sent: Thursday, April 6, 2023 7:32:41 PM
To: NANOG
Subject: Auth0 geolocation?

Anyone know who Auth0 is using for geolocation services? Have a customer 
reporting that Auth0, Lowes, Bank of America, and some other sites are 
reporting their IP in the wrong location. Checked the usual suspects, 
BrothersWISP.com geolocation providers list, etcetera 
and they’re all showing in the correct location.

Thanks,
Tim