nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Call for Participation -- ICANN81 DNSSEC and Security Workshop for ICANN Policy Forum

From: Jacques Latour via NANOG <nanog () nanog org>
Date: Tue, 2 Apr 2024 18:00:25 +0000
Call for Participation -- ICANN DNSSEC and Security Workshop for ICANN Policy Forum



In cooperation with the ICANN Security and Stability Advisory Committee (SSAC), we are planning a DNSSEC and Security 
Workshop for the ICANN80 Policy Forum being held as a hybrid meeting from 10-13 June 2024 Kigali, Rwanda in the Central 
Africa Time - CAT (UTC +2). This workshop date will be determined once ICANN creates a block schedule for us to follow; 
then we will be able to request a day and time. The DNSSEC and Security Workshop has been a part of ICANN meetings for 
several years and has provided a forum for both experienced and new people to meet, present and discuss current and 
future DNSSEC deployments.  For reference, the most recent session was held at the ICANN79 The Community Forum on 
Wednesday, 06 March 2024. The presentations and transcripts are available at: https://icann79.sched.com/.


The DNSSEC Workshop Program Committee is developing a program for the

upcoming meeting.  Proposals will be considered for the following topic areas and included if space permits.  In 
addition, we welcome suggestions for additional topics either for inclusion in the ICANN78 workshop, or for 
consideration for future workshops.



1.  Global DNSSEC Activities Panel

For this panel, we are seeking participation from those who have been involved in DNSSEC deployment as well as from 
those who have not deployed DNSSEC but who have a keen interest in the challenges and benefits of deployment, including 
Root Key Signing Key (KSK) Rollover activities and plans.



2.  DNSSEC Best Practice

Now that DNSSEC has become an operational norm for many registries, registrars, and ISPs, what have we learned about 
how we manage DNSSEC?



  *   Do you still submit/accept DS records with Digest Type 1?
  *   What is the best practice around key roll-overs?
  *   What about Algorithm roll-overs?
  *   Do you use and support DNSKEY Algorithms 13-16?
  *   How often do you review your disaster recovery procedures?
  *   Is there operational familiarity within your customer support teams?
  *   What operational statistics have been gathered about DNSSEC?
  *   Are there experiences being documented in the form of best practices, or something similar, for transfer of 
signed zones?



Activities and issues related to DNSSEC in the DNS Root Zone are also desired.



3. DNSSEC Deployment Challenges

The program committee is seeking input from those that are interested in implementation of DNSSEC but have general or 
concerns with DNSSEC.  We are seeking input from individuals that would be willing to participate in a panel that would 
discuss questions of the following nature:


  *   Are there any policies directly or indirectly impeding your DNSSEC deployment? (RRR model, CDS/CDNSKEY automation)
  *   What are your most significant concerns with DNSSEC, e.g., complexity, training, implementation, operation, or 
something else?
  *   What do you expect DNSSEC to do for you and what doesn't it do?
  *   What do you see as the most important trade-offs with respect to doing or not doing DNSSEC?



4. Security Panel

The program committee is looking for presentations on DNS, DNSSEC, routing and other topics that could impact the 
security and/or stability of the Internet.



We are looking for presentations that cover implementation issues, challenges, opportunities, and best practices for:


  *   Emerging threats that could impact the security and/or stability of the Internet
  *   DoH and DoT
  *   RPKI (Resource Public Key Infrastructure)
  *   BGP routing & secure implementations
  *   MANRS ( Mutually Agreed Norms for Routing Security)
  *   Browser security – DNS, DNSSEC, DoH
  *   EMAIL & DNS related security – DMARC, DKIM, TLSA, etc…



If you are interested in participating, please send a brief (1-3 sentence) description of your proposed presentation to 
dnssec-security-workshop () icann org<mailto:dnssec-security-workshop () icann org> by COB Friday, 10 May 2024.



Thank you,

Jacques

On behalf of the DNSSEC Workshop Program Committee:

Steve Crocker, Edgemoor Research Institute

Mark Elkins, DNS/ZARC

Jacques Latour, .CA

Russ Mundy, Tislabs

Yoshiro Yoneya

Dan York, Internet Society
Previous By Date Next
Previous By Thread Next

Current thread: