Root Zone KSK: After 5 years Elise Gerich | APNIC 40 | September 2015.


Slide 2: Agenda
- Where are we today
- Roll (change) the Root Key Signing Key (KSK)
- Getting to a plan

Slide 3: Where are we today
- Root Zone KSK (Key Signing Key)
  - The trust anchor in the DNSSEC hierarchy
  - Has been in operation since June 2010
- Root Zone Partners
  - ICANN
  - Verisign
  - USG Dept of Commerce NTIA
- "After 5 years of operation"
  - Created Design Team to propose plan for rollover of root KSK
  - Target for delivery of plan in fall of 2015

Slide 4: Design Team Members
- Volunteer Team Members
  - Joe Abley
  - John Dickinson
  - Ondrej Sury
  - Yoshiro Yoneya
  - Jaap Akkerhuis
  - Geoff Huston
  - Paul Wouters
- Root Zone Partners

Slide 5: What is …
- KSK
  - Key-Signing Key signs DNSKEY RR set
- Root Zone KSK
  - Public key in DNS Validator Trust Anchor sets
  - Copied everywhere - "configuration data"
  - Private key used only inside Hardware Security Module (HSM)
- Impact of root KSK rollover
  - Large impact on those validating
  - A new root KSK has to be updated everywhere
  - Other KSK rolls inform the parent (or DLV)
  - Mitigated by RFC 5011's trust anchor management
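
An added example, not part of the original slides: a simplified model of the RFC 5011 trust anchor update that slide 5 names as the mitigation, run over two validators during a root KSK roll. The key labels, timelines and day-based clock are constructed for illustration; the 30-day add hold-down is from RFC 5011, with its TTL component omitted.

```python
from dataclasses import dataclass, field

SEP, REVOKE = 0x0001, 0x0080   # DNSKEY flag bits: KSK marker (RFC 4034), revoked (RFC 5011)
ADD_HOLD_DOWN_DAYS = 30        # RFC 5011 add hold-down (the TTL component is omitted here)

@dataclass
class TrustAnchorStore:
    """Simplified RFC 5011 tracker. Key ids are constructed labels, not real key tags."""
    valid: set
    pending: dict = field(default_factory=dict)  # key id -> day first seen
    revoked: set = field(default_factory=set)
    def observe(self, day, dnskeys, signed_by):
        """dnskeys maps key id -> flags; signed_by holds key ids whose RRSIG verified."""
        if not self.valid & set(signed_by):
            return False  # RRset not vouched for by a trusted anchor: ignore it
        for kid, flags in dnskeys.items():
            if not flags & SEP:
                continue  # ZSKs never become trust anchors
            if flags & REVOKE:
                if kid in signed_by:  # a revocation must be signed by the key itself
                    self.valid.discard(kid)
                    self.pending.pop(kid, None)
                    self.revoked.add(kid)
            elif kid not in self.valid and kid not in self.revoked:
                first_seen = self.pending.setdefault(kid, day)
                if day - first_seen >= ADD_HOLD_DOWN_DAYS:
                    del self.pending[kid]
                    self.valid.add(kid)
        for kid in [k for k in self.pending if k not in dnskeys]:
            del self.pending[kid]  # key vanished before hold-down ended: start over
        return True

def run(timeline):
    store = TrustAnchorStore(valid={"old"})
    for day, dnskeys, signed_by in timeline:
        store.observe(day, dnskeys, signed_by)
    return store

# Constructed timelines: (day, DNSKEY RRset, keys whose signatures verified).
BOTH = {"old": 257, "new": 257, "zsk": 256}
ROLLED = {"old": 257 | REVOKE, "new": 257, "zsk": 256}
ONLINE = [(0, BOTH, {"old"}), (15, {"rogue": 257}, {"rogue"}), (29, BOTH, {"old"}),
          (30, BOTH, {"old"}), (60, ROLLED, {"old", "new"}), (90, {"new": 257}, {"new"})]
LATE = [(50, BOTH, {"old"}), (60, ROLLED, {"old", "new"}), (90, {"new": 257}, {"new"})]

if __name__ == "__main__":
    for name, timeline in (("online", ONLINE), ("late", LATE)):
        s = run(timeline)
        print(name, "trusted:", sorted(s.valid), "pending:", s.pending)
```

The LATE timeline is the "large impact on those validating" case: a validator that first sees the new key fewer than 30 days before the old one is revoked ends with no trusted key and needs its trust anchor updated by hand.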

Slide 6: Planning Approach
- Current Volunteer Design Team
  - Study, discussion through July
  - Present draft report for ICANN Public Comment
    - ksk en
  - Present final report ~ one month after Public Comment Period closes

Slide 7: Feedback Welcome
- Input to the Public Comment
  - ksk en
- Input to Design Team Members
- Input during Q&A after Geoff’s presentation

Slide 8: Thank you!