meeting announcement: 6 June 2007
James M Galvin
galvin at elistx.com
Tue May 22 16:43:45 EDT 2007
NOTE: THE LENGTH OF THIS MEETING HAS BEEN EXTENDED
TO 90 MINUTES.
This meeting will be held at the usual time of:
1200 Los Angeles, San Francisco
1200 Phoenix
1300 Salt Lake City
1500 Washington
1900 UTC
2000 London
2100 Netherlands
2200 Israel
0400 Tokyo (the next day)
0500 Melbourne (the next day)
The usual teleconference logistics are as follows. These do not
change. You will hear music until the moderator joins.
USA Toll Free Number: +1 888-221-7341
USA Toll Number: +1 973-935-2305
Passcode: 599 786 #
Leader: James Galvin
employed by ICANN if speaking to an operator
Jabber: dnssec-deployment at conference.jabber.org
This is a public room.
If your phone does not have a mute capability you can use "*6"
to mute and unmute your connection.
DIAL OUT:
1. ISC SIP Bridge - contact me for SIP identifiers
DRAFT AGENDA
** Presenters will be providing materials in advance for this
** meeting. They will be made available on the web site here:
**
** http://dnssec-deployment.org/wg/materials/20070606
**
** You may want to bookmark that page.
During this meeting we are going to examine deployment strategies
for signed zones with particular emphasis on hardware solutions. We
are going to focus on the registry side of the
registrant-registrar-registry relationship for all zones with the
goal of identifying effective aggregation points. We have
presentations from several organizations that have either deployed
DNSSEC or provided solutions for its successful deployment.
* Introduction (5 minutes)
Russ Mundy
This presentation is intended to provide an overview and context
for discussing activities needed for the operation of zones that
are operating with DNSSEC, this set of activities are sometimes
known as "provisioning". Although all DNS zones need to perform a
set of activities prior to loading zone information onto the
zone's name servers, there are different ways to accomplish these
activities and many different terms used to describe the
activities. The principle goal of the presentation is to provide
a common frame of reference for discussing DNSSEC Provisioning and
Aggregation.
Slides are attached as a PDF. Questions and comments are welcome
on the mailing list -- dnssec-deployment at shinkuro.com -- in
advance of the meeting.
* Experiences with the Signed .NET Pilot (10 minutes)
David Blacka, VeriSign
In 2005, VeriSign ran a pilot providing a signed version of the
.NET gTLD. This pilot provided experience with managing a
large-scale DNSSEC-signed zone using a commercial HSM.
* Using a Secure Platform to Automate DNSSEC Administration
(10 minutes)
Joe Gersch, Secure64 Software Corporation
Securing 1000's of zones at an ISP can be a laborious
administrative task. By using a secure platform to safely store
private keys, and by using a DNSSEC policy clause in the DNS
configuration file, automation, simplification, and provisioning
of DNSSEC information to other DNS servers becomes much more
practical.
* dnsX:Secure Signer. A primer in 10 slides. (10 minutes)
Michael Richardson, Xelerance Corporation
This presentation outlines a product currently in late beta
testing. It explains how the DNS signing functions of this
product fit into existing, currently deployed DNS infrastructure.
dnsX:Secure Signer automates various parts of the DNSSEC process,
including key rollover, making deploying signed zones much easier.
* Crypto Hardware and Software for Signing .UK (10 minutes)
John Dickinson, Nominet
Using HSM and acceleration hardware for DNSSEC was much harder
than we expected. This presentation will describe the lessons
learnt and discuss future work.
* Software Tools (10 minutes)
Suresh Krishnaswamy, Sparta
This part of the discussion will highlight some of the software
tools currently available for use at various DNSSEC aggregation
points.
* Discussion (35 minutes)
More information about the Dnssec-deployment
mailing list